[PHOENIX-5904] Add log if the configed kerberos principal login failed - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: queryserver-6.0.0
Component/s: queryserver
Labels:
None

Description

SecurityUtil.login(getConf(), QueryServerProperties.QUERY_SERVER_KEYTAB_FILENAME_ATTRIB,
    QueryServerProperties.QUERY_SERVER_KERBEROS_PRINCIPAL_ATTRIB, hostname);
LOG.info("Login successful.");

But SecurityUtil.login may return directly if UserGroupInformation.isSecurityEnabled return false.

public static void login(final Configuration conf,
    final String keytabFileKey, final String userNameKey, String hostname)
    throws IOException {
  
  if(!UserGroupInformation.isSecurityEnabled()) 
    return;
  
  String keytabFilename = conf.get(keytabFileKey);
  if (keytabFilename == null || keytabFilename.length() == 0) {
    throw new IOException("Running in secure mode, but config doesn't have a keytab");
  }

  String principalConfig = conf.get(userNameKey, System
      .getProperty("user.name"));
  String principalName = SecurityUtil.getServerPrincipal(principalConfig,
      hostname);
  UserGroupInformation.loginUserFromKeytab(principalName, keytabFilename);
}

UserGroupInformation.isSecurityEnabled is configed by hadoop.security.authentication. But the document only said need to config hbase.security.authentication. So, I thought we need to add document about this, too.

QueryServer doc: https://phoenix.apache.org/server.html

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

PHOENIX-5904.website.diff
20/May/20 10:51
0.7 kB
Guanghao Zhang

Issue Links

links to

GitHub Pull Request #34

Activity

People

Assignee:: Guanghao Zhang

Reporter:: Guanghao Zhang

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 19/May/20 11:31

Updated:: 03/Aug/21 08:35

Resolved:: 28/May/20 06:54