Details
-
Improvement
-
Status: Closed
-
Minor
-
Resolution: Fixed
-
None
-
None
Description
SecurityUtil.login(getConf(), QueryServerProperties.QUERY_SERVER_KEYTAB_FILENAME_ATTRIB,
QueryServerProperties.QUERY_SERVER_KERBEROS_PRINCIPAL_ATTRIB, hostname);
LOG.info("Login successful.");
But SecurityUtil.login may return directly if UserGroupInformation.isSecurityEnabled return false.
public static void login(final Configuration conf, final String keytabFileKey, final String userNameKey, String hostname) throws IOException { if(!UserGroupInformation.isSecurityEnabled()) return; String keytabFilename = conf.get(keytabFileKey); if (keytabFilename == null || keytabFilename.length() == 0) { throw new IOException("Running in secure mode, but config doesn't have a keytab"); } String principalConfig = conf.get(userNameKey, System .getProperty("user.name")); String principalName = SecurityUtil.getServerPrincipal(principalConfig, hostname); UserGroupInformation.loginUserFromKeytab(principalName, keytabFilename); }
UserGroupInformation.isSecurityEnabled is configed by hadoop.security.authentication. But the document only said need to config hbase.security.authentication. So, I thought we need to add document about this, too.
QueryServer doc: https://phoenix.apache.org/server.html
Attachments
Attachments
Issue Links
- links to