[
https://issues.apache.org/jira/browse/HADOOP-12426?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14900544#comment-14900544
]
Kai Zheng commented on HADOOP-12426:
------------------------------------
Thanks Steve.
This looks cool. One thing in mind, are you expecting this client-side tool to
be runnable on NN and DNs side? What behavior would be if it's runned there?
Wondering if it would be good to consider service keytab check.
I guess the new funcationalities will be added to 'hadoop' command, implemented
in Java codes, right.
> Add Entry point for Kerberos health check
> -----------------------------------------
>
> Key: HADOOP-12426
> URL: https://issues.apache.org/jira/browse/HADOOP-12426
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 3.0.0
> Reporter: Steve Loughran
> Priority: Minor
>
> If we a little command line entry point for testing kerberos settings,
> including some automated diagnostics checks, we could simplify fielding the
> client-side support calls.
> Specifically
> * check JRE for having java crypto extensions at full key length.
> * network checks: do you know your own name?
> * Is the user kinited in?
> * if a tgt is specified, does it exist?
> * are hadoop security options consistent?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
