Hadoop Common
  1. Hadoop Common
  2. HADOOP-6913

Circular initialization between UserGroupInformation and KerberosName

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.22.0
    • Component/s: security
    • Labels:
      None

      Description

      If the first call to UGI is UGI.setConfiguration(conf), it will try to initialize UGI class. During this initialization, the code calls KerberosName.setConfiguration(). KerberosName's static initializer will in turn call UGI.isSecurityEnabled(). Since UGI hasn't been completely initialized yet, isSecurityEnabled() will re-initialize UGI with a DEFAULT conf. As a result, the original conf used in UGI.setConfiguration(conf) will be overwritten by the DEFAULT conf.

        Issue Links

          Activity

          Hide
          Hudson added a comment -

          Integrated in Hadoop-Common-trunk #439 (See https://hudson.apache.org/hudson/job/Hadoop-Common-trunk/439/)
          HADOOP-6913. Circular initialization between UserGroupInformation and KerberosName

          Show
          Hudson added a comment - Integrated in Hadoop-Common-trunk #439 (See https://hudson.apache.org/hudson/job/Hadoop-Common-trunk/439/ ) HADOOP-6913 . Circular initialization between UserGroupInformation and KerberosName
          Hide
          Hudson added a comment -

          Integrated in Hadoop-Common-trunk-Commit #370 (See https://hudson.apache.org/hudson/job/Hadoop-Common-trunk-Commit/370/)
          HADOOP-6913. Circular initialization between UserGroupInformation and KerberosName

          Show
          Hudson added a comment - Integrated in Hadoop-Common-trunk-Commit #370 (See https://hudson.apache.org/hudson/job/Hadoop-Common-trunk-Commit/370/ ) HADOOP-6913 . Circular initialization between UserGroupInformation and KerberosName
          Hide
          Boris Shkolnik added a comment -

          Committed to trunk. Thanks Kan.

          Show
          Boris Shkolnik added a comment - Committed to trunk. Thanks Kan.
          Hide
          Giridharan Kesavan added a comment -

          resubmitting to test the hudson patch testing

          Show
          Giridharan Kesavan added a comment - resubmitting to test the hudson patch testing
          Hide
          Kan Zhang added a comment -

          The javadoc warnings are due to KerberosName.java and SecurityUtil.java and unrelated to this patch. TestBlockToken in HDFS has been failing because of this bug. It can serve as the test for this patch (once HDFS-1284 is committed).

          Show
          Kan Zhang added a comment - The javadoc warnings are due to KerberosName.java and SecurityUtil.java and unrelated to this patch. TestBlockToken in HDFS has been failing because of this bug. It can serve as the test for this patch (once HDFS-1284 is committed).
          Hide
          Hadoop QA added a comment -

          -1 overall. Here are the results of testing the latest attachment
          http://issues.apache.org/jira/secure/attachment/12451830/c6913-01.patch
          against trunk revision 989999.

          +1 @author. The patch does not contain any @author tags.

          -1 tests included. The patch doesn't appear to include any new or modified tests.
          Please justify why no new tests are needed for this patch.
          Also please list what manual steps were performed to verify this patch.

          -1 javadoc. The javadoc tool appears to have generated 1 warning messages.

          +1 javac. The applied patch does not increase the total number of javac compiler warnings.

          +1 findbugs. The patch does not introduce any new Findbugs warnings.

          +1 release audit. The applied patch does not increase the total number of release audit warnings.

          +1 core tests. The patch passed core unit tests.

          +1 contrib tests. The patch passed contrib unit tests.

          Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h9.grid.sp2.yahoo.net/40/testReport/
          Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h9.grid.sp2.yahoo.net/40/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
          Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h9.grid.sp2.yahoo.net/40/artifact/trunk/build/test/checkstyle-errors.html
          Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h9.grid.sp2.yahoo.net/40/console

          This message is automatically generated.

          Show
          Hadoop QA added a comment - -1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12451830/c6913-01.patch against trunk revision 989999. +1 @author. The patch does not contain any @author tags. -1 tests included. The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. -1 javadoc. The javadoc tool appears to have generated 1 warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. +1 findbugs. The patch does not introduce any new Findbugs warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. +1 core tests. The patch passed core unit tests. +1 contrib tests. The patch passed contrib unit tests. Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h9.grid.sp2.yahoo.net/40/testReport/ Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h9.grid.sp2.yahoo.net/40/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h9.grid.sp2.yahoo.net/40/artifact/trunk/build/test/checkstyle-errors.html Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h9.grid.sp2.yahoo.net/40/console This message is automatically generated.
          Hide
          Devaraj Das added a comment -

          +1

          Show
          Devaraj Das added a comment - +1
          Hide
          Kan Zhang added a comment -

          A patch that initializes UGI completely before initializing others.

          Show
          Kan Zhang added a comment - A patch that initializes UGI completely before initializing others.
          Hide
          Kan Zhang added a comment -

          TestBlockToken fails (HDFS-1284) on some platforms because of this. Before the test starts, it tries to initialize UGI using a customized conf with property "hadoop.security.authentication" set to "kerberos". However, because of this bug, the value eventually been used is "simple" from the default conf. And the test fails as a result.

          Show
          Kan Zhang added a comment - TestBlockToken fails ( HDFS-1284 ) on some platforms because of this. Before the test starts, it tries to initialize UGI using a customized conf with property "hadoop.security.authentication" set to "kerberos". However, because of this bug, the value eventually been used is "simple" from the default conf. And the test fails as a result.

            People

            • Assignee:
              Kan Zhang
              Reporter:
              Kan Zhang
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development