  1. Phoenix
  2. PHOENIX-5904

Add log if the configured Kerberos principal login failed


    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: queryserver-6.0.0
    • Component/s: queryserver
    • Labels:
      None

      Description

      SecurityUtil.login(getConf(), QueryServerProperties.QUERY_SERVER_KEYTAB_FILENAME_ATTRIB,
          QueryServerProperties.QUERY_SERVER_KERBEROS_PRINCIPAL_ATTRIB, hostname);
      LOG.info("Login successful.");
      

      But SecurityUtil.login may return directly if UserGroupInformation.isSecurityEnabled returns false.

       

      public static void login(final Configuration conf,
          final String keytabFileKey, final String userNameKey, String hostname)
          throws IOException {
        
        if(!UserGroupInformation.isSecurityEnabled()) 
          return;
        
        String keytabFilename = conf.get(keytabFileKey);
        if (keytabFilename == null || keytabFilename.length() == 0) {
          throw new IOException("Running in secure mode, but config doesn't have a keytab");
        }
      
        String principalConfig = conf.get(userNameKey, System
            .getProperty("user.name"));
        String principalName = SecurityUtil.getServerPrincipal(principalConfig,
            hostname);
        UserGroupInformation.loginUserFromKeytab(principalName, keytabFilename);
      }
      

      UserGroupInformation.isSecurityEnabled is configured by hadoop.security.authentication. But the documentation only says that hbase.security.authentication needs to be configured. So, I thought we need to add documentation about this, too.

       

      QueryServer doc: https://phoenix.apache.org/server.html
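
A sketch of the kind of logging this issue asks for, as an added example (not the patch committed for PHOENIX-5904 and not Phoenix or Hadoop code): it logs when SecurityUtil.login would return without logging in, and confirms afterwards that Kerberos credentials were actually obtained. The class name VerifiedKerberosLogin, the SLF4J logger and the choice of log levels are assumptions.

```java
import java.io.IOException;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/** Hypothetical helper (assumption, not Phoenix code): log in and report what really happened. */
public final class VerifiedKerberosLogin {
  private static final Logger LOG = LoggerFactory.getLogger(VerifiedKerberosLogin.class);

  /** Returns true only if the process holds Kerberos credentials; the caller passes the two config keys. */
  public static boolean login(Configuration conf, String keytabKey, String principalKey,
      String hostname) throws IOException {
    // isSecurityEnabled() reflects the configuration UGI was initialised with.
    UserGroupInformation.setConfiguration(conf);

    if (!UserGroupInformation.isSecurityEnabled()) {
      // SecurityUtil.login() would return silently here, so make the skip visible.
      boolean principalSet = conf.get(principalKey) != null;
      String msg = "Kerberos login skipped: hadoop.security.authentication={}, "
          + "hbase.security.authentication={}, principal configured={}";
      Object[] args = { conf.get("hadoop.security.authentication", "simple"),
          conf.get("hbase.security.authentication", "simple"), principalSet };
      if (principalSet) {
        LOG.warn(msg, args);  // a principal is configured but no login will take place
      } else {
        LOG.info(msg, args);
      }
      return false;
    }

    SecurityUtil.login(conf, keytabKey, principalKey, hostname);

    // Check the resulting login user instead of assuming the call succeeded.
    UserGroupInformation ugi = UserGroupInformation.getLoginUser();
    if (!ugi.hasKerberosCredentials()) {
      LOG.error("Login returned but {} holds no Kerberos credentials (auth method {})",
          ugi.getUserName(), ugi.getAuthenticationMethod());
      return false;
    }
    LOG.info("Login successful as {} via {}", ugi.getUserName(), ugi.getAuthenticationMethod());
    return true;
  }
}
```

With only hbase.security.authentication set to kerberos, this takes the first branch and emits the warning instead of an unconditional "Login successful."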

            People

            • Assignee:
              zghao Guanghao Zhang
              Reporter:
              zghao Guanghao Zhang
