Uploaded image for project: 'ZooKeeper'
  1. ZooKeeper
  2. ZOOKEEPER-2344

Provide more diagnostics/stack traces on SASL Auth failure

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.4.7, 3.5.1, 3.4.11
    • Fix Version/s: 3.5.4, 3.6.0, 3.4.12
    • Component/s: java client, server
    • Labels:
      None

      Description

      When Kerberos decides it doesn't want to work, the JRE libraries provide some terse and unhelpful error messages.

      The only way to debug the problem is (a) to have complete stack traces and (b) as much related information as possible.

      Zookeeper could do more here. Currently too much of the code loses stack traces; sometimes auth errors aren't reported back to the client (the connection is closed) +others

      Everyone who has tried to diagnose kerberos problems will appreciate improvements here

        Issue Links

          Activity

          Hide
          rakeshr Rakesh R added a comment -

          I am moving this out to 3.4.10 for now.

          Show
          rakeshr Rakesh R added a comment - I am moving this out to 3.4.10 for now.
          Hide
          rgs Raul Gutierrez Segales added a comment -

          Chris Nauroth, Steve Loughran: lets target this for 3.4.9 - thanks!

          Show
          rgs Raul Gutierrez Segales added a comment - Chris Nauroth , Steve Loughran : lets target this for 3.4.9 - thanks!
          Hide
          cnauroth Chris Nauroth added a comment -

          Tell me which branch you'd like patches against and I see what I can do too

          Hi Steve Loughran. In general, patches are flowing into trunk and branch-3.5 right now. I expect any trunk patch is also applicable to branch-3.5. Bug fixes can also flow down to the branch-3.4 maintenance line depending on the circumstances. For small patches to improve logging and debugging like you're suggesting, I expect they'd be great candidates for inclusion in branch-3.4. You'll likely need to create a different patch file for branch-3.4.

          Show
          cnauroth Chris Nauroth added a comment - Tell me which branch you'd like patches against and I see what I can do too Hi Steve Loughran . In general, patches are flowing into trunk and branch-3.5 right now. I expect any trunk patch is also applicable to branch-3.5. Bug fixes can also flow down to the branch-3.4 maintenance line depending on the circumstances. For small patches to improve logging and debugging like you're suggesting, I expect they'd be great candidates for inclusion in branch-3.4. You'll likely need to create a different patch file for branch-3.4.
          Hide
          fpj Flavio Junqueira added a comment -

          Thanks Steve Loughran.

          Tell me which branch you'd like patches against and I see what I can do too

          I'd say 3.4 because that's what most folks are using at the moment, 3.5 and trunk

          Show
          fpj Flavio Junqueira added a comment - Thanks Steve Loughran . Tell me which branch you'd like patches against and I see what I can do too I'd say 3.4 because that's what most folks are using at the moment, 3.5 and trunk
          Hide
          stevel@apache.org Steve Loughran added a comment -

          I'll add some stacks as I go along. the ones where stack traces get lost are one-line fixes; anything for diagnostics harder -I think the thing to know there is what information to provide in server-side and client-side reports.

          At a guess

          1. keytabs
          2. user being used
          3. location of JAAS conf file and/or dump of the actual config

          Tell me which branch you'd like patches against and I see what I can do too

          Show
          stevel@apache.org Steve Loughran added a comment - I'll add some stacks as I go along. the ones where stack traces get lost are one-line fixes; anything for diagnostics harder -I think the thing to know there is what information to provide in server-side and client-side reports. At a guess keytabs user being used location of JAAS conf file and/or dump of the actual config Tell me which branch you'd like patches against and I see what I can do too
          Hide
          fpj Flavio Junqueira added a comment -

          Steve Loughran I've just had to do this for Kafka and it was not too bad, but that might have to do with code familiarity. If you could be a bit more specific about the cases that you found we could do more, then I'd appreciate if you could list them here so that I can get a better idea of how to fix it.

          Thanks for reporting this issue.

          Show
          fpj Flavio Junqueira added a comment - Steve Loughran I've just had to do this for Kafka and it was not too bad, but that might have to do with code familiarity. If you could be a bit more specific about the cases that you found we could do more, then I'd appreciate if you could list them here so that I can get a better idea of how to fix it. Thanks for reporting this issue.

            People

            • Assignee:
              Unassigned
              Reporter:
              stevel@apache.org Steve Loughran
            • Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

              • Created:
                Updated:

                Development