hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steve Loughran (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HADOOP-12426) Add Entry point for Kerberos health check
Date Thu, 21 Jan 2016 02:10:39 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-12426?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Steve Loughran updated HADOOP-12426:
------------------------------------
    Attachment: HADOOP-12426-007.patch

Patch -007

# {{--nologin}} dump things but skip the login attempts
# {{--resource <xml-resource>}} add something (e.g hdfs-site.xml) to the config. It's
something that has to be on the classpath.
# core sysprops extended to include JVM version and vendor
# all sysprops are printed, (sorted), afterwards
# if /etc/ntp.conf is there, it gets printed (no parsing)

While getting this working, I encountered the problem where UGI would say "IOE -failed to
load", but the underlying messages were being stripped (even though the original stack came
through). I've gone through the UGI exception wrapping code and made sure that the previous
exception gets included in the error strings. No other changes to UGI exceptions have been
made. I know this pulls in a bit of HADOOP-12649, but it was something I needed.

> Add Entry point for Kerberos health check
> -----------------------------------------
>
>                 Key: HADOOP-12426
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12426
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: security
>    Affects Versions: 2.7.1
>            Reporter: Steve Loughran
>            Assignee: Steve Loughran
>            Priority: Minor
>         Attachments: HADOOP-12426-001.patch, HADOOP-12426-002.patch, HADOOP-12426-003.patch,
HADOOP-12426-004.patch, HADOOP-12426-006.patch, HADOOP-12426-007.patch
>
>
> If we a little command line entry point for testing kerberos settings, including some
automated diagnostics checks, we could simplify fielding the client-side support calls.
> Specifically
> * check JRE for having java crypto extensions at full key length.
> * network checks: do you know your own name?
> * Is the user kinited in?
> * if a tgt is specified, does it exist?
> * are hadoop security options consistent?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message