[jira] [Commented] (HADOOP-16457) Hadoop does not work with Kerberos config in hdfs-site.xml for simple security

Tue, 06 Aug 2019 14:50:18 -0700 


    [ 
https://issues.apache.org/jira/browse/HADOOP-16457?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16901502#comment-16901502
 ] 

Hudson commented on HADOOP-16457:
---------------------------------

FAILURE: Integrated in Jenkins build Hadoop-trunk-Commit #17050 (See 
[https://builds.apache.org/job/Hadoop-trunk-Commit/17050/])
HADOOP-16457. Fixed Kerberos activation in ServiceAuthorizationManager.  
(eyang: rev 22430c10e2c41d7b5e4f0457eedaf5395b2b3c84)
* (edit) 
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/authorize/ServiceAuthorizationManager.java
* (edit) 
hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/security/authorize/TestServiceAuthorization.java


> Hadoop does not work with Kerberos config in hdfs-site.xml for simple security
> ------------------------------------------------------------------------------
>
>                 Key: HADOOP-16457
>                 URL: https://issues.apache.org/jira/browse/HADOOP-16457
>             Project: Hadoop Common
>          Issue Type: Bug
>    Affects Versions: 3.3.0
>            Reporter: Eric Yang
>            Assignee: Prabhu Joseph
>            Priority: Minor
>             Fix For: 3.3.0
>
>         Attachments: HADOOP-16457-001.patch, HADOOP-16457-002.patch
>
>
> When http filter initializers is setup to use StaticUserWebFilter, AuthFilter 
> is still setup.  This prevents datanode to talk to namenode.
> Error message in namenode logs:
> {code}
> 2019-07-24 15:47:38,038 INFO org.apache.hadoop.hdfs.DFSUtil: Filter 
> initializers set : 
> org.apache.hadoop.http.lib.StaticUserWebFilter,org.apache.hadoop.hdfs.web.AuthFilterInitializer
> 2019-07-24 16:06:26,212 WARN 
> SecurityLogger.org.apache.hadoop.security.authorize.ServiceAuthorizationManager:
>  Authorization failed for hdfs (auth:SIMPLE) for protocol=interface 
> org.apache.hadoop.hdfs.server.protocol.DatanodeProtocol: this service is only 
> accessible by dn/[email protected]
> {code}
> Errors in datanode log:
> {code}
> 2019-07-24 16:07:01,253 WARN org.apache.hadoop.hdfs.server.datanode.DataNode: 
> Problem connecting to server: eyang-1.openstacklocal/172.26.111.17:9000
> {code}
> The logic in HADOOP-16354 always added AuthFilter regardless security is 
> enabled or not.  This is incorrect.  When simple security is chosen and using 
> StaticUserWebFilter.  AutheFilter check should not be required for datanode 
> to communicate with namenode.



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to