knox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lmc...@apache.org
Subject svn commit: r1542407 - in /incubator/knox: site/ site/books/knox-incubating-0-3-0/ trunk/books/0.3.0/
Date Fri, 15 Nov 2013 21:42:06 GMT
Author: lmccay
Date: Fri Nov 15 21:42:05 2013
New Revision: 1542407

URL: http://svn.apache.org/r1542407
Log:
troubleshooting updates

Modified:
    incubator/knox/site/books/knox-incubating-0-3-0/knox-incubating-0-3-0.html
    incubator/knox/site/index.html
    incubator/knox/site/issue-tracking.html
    incubator/knox/site/license.html
    incubator/knox/site/mail-lists.html
    incubator/knox/site/project-info.html
    incubator/knox/site/team-list.html
    incubator/knox/trunk/books/0.3.0/book_troubleshooting.md

Modified: incubator/knox/site/books/knox-incubating-0-3-0/knox-incubating-0-3-0.html
URL: http://svn.apache.org/viewvc/incubator/knox/site/books/knox-incubating-0-3-0/knox-incubating-0-3-0.html?rev=1542407&r1=1542406&r2=1542407&view=diff
==============================================================================
--- incubator/knox/site/books/knox-incubating-0-3-0/knox-incubating-0-3-0.html (original)
+++ incubator/knox/site/books/knox-incubating-0-3-0/knox-incubating-0-3-0.html Fri Nov 15
21:42:05 2013
@@ -2272,7 +2272,16 @@ log4j.logger.org.apache.http.client=DEBU
 log4j.logger.org.apache.http.headers=DEBUG   # Use this logger to increase the debugging
of Apache HTTP header.
 log4j.logger.org.apache.http.wire=DEBUG      # Use this logger to increase the debugging
of Apache HTTP wire traffic.
 </code></pre><h3><a id="LDAP+Server+Connectivity+Issues"></a>LDAP
Server Connectivity Issues</h3><p>If the gateway cannot contact the configured
LDAP server you will see errors in the gateway diagnostic output.</p>
-<pre><code>TODO:Kevin - What does it look like when the LDAP server isn&#39;t
running.
+<pre><code>13/11/15 16:30:17 DEBUG authc.BasicHttpAuthenticationFilter: Attempting
to execute login with headers [Basic Z3Vlc3Q6Z3Vlc3QtcGFzc3dvcmQ=]
+13/11/15 16:30:17 DEBUG ldap.JndiLdapRealm: Authenticating user &#39;guest&#39; through
LDAP
+13/11/15 16:30:17 DEBUG ldap.JndiLdapContextFactory: Initializing LDAP context using URL
   [ldap://localhost:33389] and principal [uid=guest,ou=people,dc=hadoop,dc=apache,dc=org]
with pooling disabled
+13/11/15 16:30:17 DEBUG servlet.SimpleCookie: Added HttpServletResponse Cookie [rememberMe=deleteMe;
Path=/gateway/vaultservice; Max-Age=0; Expires=Thu, 14-Nov-2013 21:30:17 GMT]
+13/11/15 16:30:17 DEBUG authc.BasicHttpAuthenticationFilter: Authentication required: sending
401 Authentication challenge response.
+</code></pre><p>The client should see something along the lines of:</p>
+<pre><code>HTTP/1.1 401 Unauthorized
+WWW-Authenticate: BASIC realm=&quot;application&quot;
+Content-Length: 0
+Server: Jetty(8.1.12.v20130726)
 </code></pre><p>Resolving this will require ensuring that the LDAP server
is running and that connection information is correct. The LDAP server connection information
is configured in the cluster&rsquo;s topology file (e.g. {GATEWAY_HOME}/deployments/sandbox.xml).</p><h3><a
id="Hadoop+Cluster+Connectivity+Issues"></a>Hadoop Cluster Connectivity Issues</h3><p>If
the gateway cannot contact one of the services in the configured Hadoop cluster you will see
errors in the gateway diagnostic output.</p>
 <pre><code>TODO:Kevin - What does it look like when the Sandbox isn&#39;t
running.
 </code></pre><p>Resolving this will require ensuring that the Hadoop services
are running and that connection information is correct. Basic Hadoop connectivity can be evaluated
using cURL as described elsewhere. Otherwise the Hadoop cluster connection information is
configured in the cluster&rsquo;s topology file (e.g. {GATEWAY_HOME}/deployments/sandbox.xml).</p><h3><a
id="Check+Hadoop+Cluster+Access+via+cURL"></a>Check Hadoop Cluster Access via cURL</h3><p>When
you are experiencing connectivity issue it can be helpful to &ldquo;bypass&rdquo;
the gateway and invoke the Hadoop REST APIs directly. This can easily be done using the cURL
command line utility or many other REST/HTTP clients. Exactly how to use cURL depends on the
configuration of your Hadoop cluster. In general however you will use a command line the one
that follows.</p>
@@ -2281,7 +2290,23 @@ log4j.logger.org.apache.http.wire=DEBUG 
 <pre><code>curl -ikv -X GET &#39;http://localhost:50070/webhdfs/v1/?op=LISTSTATUS&#39;
 </code></pre><p>If you are using a cluster secured with Kerberos you will
need to have used <code>kinit</code> to authenticate to the KDC. Then the command
below should verify that WebHDFS in the Hadoop cluster is accessible.</p>
 <pre><code>curl -ikv --negotiate -u : -X &#39;http://localhost:50070/webhdfs/v1/?op=LISTSTATUS&#39;
-</code></pre><h3><a id="Authentication+Issues"></a>Authentication
Issues</h3><p>TODO:Kevin - What does it look like when the username/password don&rsquo;t
match what is in LDAP?</p><h3><a id="Hostname+Resolution+Issues"></a>Hostname
Resolution Issues</h3><p>TODO:Kevin - What does it look like when host mapping
is enabled and shouldn&rsquo;t be or vice versa.</p><h3><a id="Job+Submission+Issues+-+HDFS+Home+Directories"></a>Job
Submission Issues - HDFS Home Directories</h3><p>TODO:Dilli - What does it look
like if the LDAP authenticated user doesn&rsquo;t have a HDFS home directory and submits
a job.</p><h3><a id="Job+Submission+Issues+-+OS+Accounts"></a>Job
Submission Issues - OS Accounts</h3><p>TODO:Dilli - What does it look like if
the LDAP authenticated user submits a job but doesn&rsquo;t have an OS account.</p><h3><a
id="HBase+Issues"></a>HBase Issues</h3><p>TODO:Kevin - What does it look
like when HBase/Stargate hangs and how do you fix it.</p><h3><a id="SSL+Certificate+Issues"
 ></a>SSL Certificate Issues</h3><p>TODO:Larry - What does it look like
when a client doesn&rsquo;t trust the gateway&rsquo;s SSL identity certificate?</p><h3><a
id="Filing+Bugs"></a>Filing Bugs</h3><p>Bugs can be filed using <a
href="https://issues.apache.org/jira/browse/KNOX">Jira</a>. Please include the results
of this command below in the Environment section. Also include the version of Hadoop being
used in the same section.</p>
+</code></pre><h3><a id="Authentication+Issues"></a>Authentication
Issues</h3><p>The following log information is available when you enable debug
level logging for shiro. This can be done within the conf/log4j.properties file. Not the &ldquo;Password
not correct for user&rdquo; message.</p>
+<pre><code>13/11/15 16:37:15 DEBUG authc.BasicHttpAuthenticationFilter: Attempting
to execute login with headers [Basic Z3Vlc3Q6Z3Vlc3QtcGFzc3dvcmQw]
+13/11/15 16:37:15 DEBUG ldap.JndiLdapRealm: Authenticating user &#39;guest&#39; through
LDAP
+13/11/15 16:37:15 DEBUG ldap.JndiLdapContextFactory: Initializing LDAP context using URL
[ldap://localhost:33389] and principal [uid=guest,ou=people,dc=hadoop,dc=apache,dc=org] with
pooling disabled
+2013-11-15 16:37:15,899 INFO  Password not correct for user &#39;uid=guest,ou=people,dc=hadoop,dc=apache,dc=org&#39;
+2013-11-15 16:37:15,899 INFO  Authenticator org.apache.directory.server.core.authn.SimpleAuthenticator@354c78e3
failed to authenticate: BindContext for DN &#39;uid=guest,ou=people,dc=hadoop,dc=apache,dc=org&#39;,
credentials &lt;0x67 0x75 0x65 0x73 0x74 0x2D 0x70 0x61 0x73 0x73 0x77 0x6F 0x72 0x64
0x30 &gt;
+2013-11-15 16:37:15,899 INFO  Cannot bind to the server
+13/11/15 16:37:15 DEBUG servlet.SimpleCookie: Added HttpServletResponse Cookie [rememberMe=deleteMe;
Path=/gateway/vaultservice; Max-Age=0; Expires=Thu, 14-Nov-2013 21:37:15 GMT]
+13/11/15 16:37:15 DEBUG authc.BasicHttpAuthenticationFilter: Authentication required: sending
401 Authentication challenge response.
+</code></pre><p>The client will likely see something along the lines of:</p>
+<pre><code>HTTP/1.1 401 Unauthorized
+WWW-Authenticate: BASIC realm=&quot;application&quot;
+Content-Length: 0
+Server: Jetty(8.1.12.v20130726)
+</code></pre><h3><a id="Hostname+Resolution+Issues"></a>Hostname
Resolution Issues</h3><p>TODO:Kevin - What does it look like when host mapping
is enabled and shouldn&rsquo;t be or vice versa.</p><h3><a id="Job+Submission+Issues+-+HDFS+Home+Directories"></a>Job
Submission Issues - HDFS Home Directories</h3><p>TODO:Dilli - What does it look
like if the LDAP authenticated user doesn&rsquo;t have a HDFS home directory and submits
a job.</p><h3><a id="Job+Submission+Issues+-+OS+Accounts"></a>Job
Submission Issues - OS Accounts</h3><p>TODO:Dilli - What does it look like if
the LDAP authenticated user submits a job but doesn&rsquo;t have an OS account.</p><h3><a
id="HBase+Issues"></a>HBase Issues</h3><p>TODO:Kevin - What does it look
like when HBase/Stargate hangs and how do you fix it.</p><h3><a id="SSL+Certificate+Issues"></a>SSL
Certificate Issues</h3><p>Clients that do not trust the certificate presented
by the server will behave in different ways. A browser will typically warn you of
  the inability to trust the receieved certificate and give you an opportunity to add an exception
for the particular certificate. Curl will present you with the follow message and instructions
for turning of certificate verification:</p>
+<pre><code>curl performs SSL certificate verification by default, using a &quot;bundle&quot;
+</code></pre><p> of Certificate Authority (CA) public keys (CA certs).
If the default  bundle file isn&rsquo;t adequate, you can specify an alternate file  using
the &ndash;cacert option.  If this HTTPS server uses a certificate signed by a CA represented
in  the bundle, the certificate verification probably failed due to a  problem with the certificate
(it might be expired, or the name might  not match the domain name in the URL).  If you&rsquo;d
like to turn off curl&rsquo;s verification of the certificate, use  the -k (or &ndash;insecure)
option.</p><h3><a id="Filing+Bugs"></a>Filing Bugs</h3><p>Bugs
can be filed using <a href="https://issues.apache.org/jira/browse/KNOX">Jira</a>.
Please include the results of this command below in the Environment section. Also include
the version of Hadoop being used in the same section.</p>
 <pre><code>cd {GATEWAY_HOME}
 java -jar bin/gateway.jar -version
 </code></pre><h2><a id="Export+Controls"></a>Export Controls</h2><p>Apache
Knox Gateway includes cryptographic software. The country in which you currently reside may
have restrictions on the import, possession, use, and/or re-export to another country, of
encryption software. BEFORE using any encryption software, please check your country&rsquo;s
laws, regulations and policies concerning the import, possession, or use, and re-export of
encryption software, to see if this is permitted. See <a href="http://www.wassenaar.org">http://www.wassenaar.org</a>
for more information.</p><p>The U.S. Government Department of Commerce, Bureau
of Industry and Security (BIS), has classified this software as Export Commodity Control Number
(ECCN) 5D002.C.1, which includes information security software using or performing cryptographic
functions with asymmetric algorithms. The form and manner of this Apache Software Foundation
distribution makes it eligible for export under the License Exception ENC
  Technology Software Unrestricted (TSU) exception (see the BIS Export Administration Regulations,
Section 740.13) for both object code and source code.</p><p>The following provides
more details on the included cryptographic software:</p>

Modified: incubator/knox/site/index.html
URL: http://svn.apache.org/viewvc/incubator/knox/site/index.html?rev=1542407&r1=1542406&r2=1542407&view=diff
==============================================================================
--- incubator/knox/site/index.html (original)
+++ incubator/knox/site/index.html Fri Nov 15 21:42:05 2013
@@ -1,5 +1,5 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Nov 14, 2013 -->
+<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Nov 15, 2013 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
     <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
@@ -10,7 +10,7 @@
       @import url("./css/site.css");
     </style>
     <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" />
-    <meta name="Date-Revision-yyyymmdd" content="20131114" />
+    <meta name="Date-Revision-yyyymmdd" content="20131115" />
     <meta http-equiv="Content-Language" content="en" />
                                                     
 <script type="text/javascript">var _gaq = _gaq || [];
@@ -57,7 +57,7 @@
                         <a href="https://cwiki.apache.org/confluence/display/KNOX/Index"
class="externalLink" title="Wiki">Wiki</a>
               
                     
-                &nbsp;| <span id="publishDate">Last Published: 2013-11-14</span>
+                &nbsp;| <span id="publishDate">Last Published: 2013-11-15</span>
               &nbsp;| <span id="projectVersion">Version: 0.0.0-SNAPSHOT</span>
             </div>
       <div class="clear">

Modified: incubator/knox/site/issue-tracking.html
URL: http://svn.apache.org/viewvc/incubator/knox/site/issue-tracking.html?rev=1542407&r1=1542406&r2=1542407&view=diff
==============================================================================
--- incubator/knox/site/issue-tracking.html (original)
+++ incubator/knox/site/issue-tracking.html Fri Nov 15 21:42:05 2013
@@ -1,5 +1,5 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Nov 14, 2013 -->
+<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Nov 15, 2013 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
     <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
@@ -10,7 +10,7 @@
       @import url("./css/site.css");
     </style>
     <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" />
-    <meta name="Date-Revision-yyyymmdd" content="20131114" />
+    <meta name="Date-Revision-yyyymmdd" content="20131115" />
     <meta http-equiv="Content-Language" content="en" />
                                                     
 <script type="text/javascript">var _gaq = _gaq || [];
@@ -57,7 +57,7 @@
                         <a href="https://cwiki.apache.org/confluence/display/KNOX/Index"
class="externalLink" title="Wiki">Wiki</a>
               
                     
-                &nbsp;| <span id="publishDate">Last Published: 2013-11-14</span>
+                &nbsp;| <span id="publishDate">Last Published: 2013-11-15</span>
               &nbsp;| <span id="projectVersion">Version: 0.0.0-SNAPSHOT</span>
             </div>
       <div class="clear">

Modified: incubator/knox/site/license.html
URL: http://svn.apache.org/viewvc/incubator/knox/site/license.html?rev=1542407&r1=1542406&r2=1542407&view=diff
==============================================================================
--- incubator/knox/site/license.html (original)
+++ incubator/knox/site/license.html Fri Nov 15 21:42:05 2013
@@ -1,5 +1,5 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Nov 14, 2013 -->
+<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Nov 15, 2013 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
     <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
@@ -10,7 +10,7 @@
       @import url("./css/site.css");
     </style>
     <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" />
-    <meta name="Date-Revision-yyyymmdd" content="20131114" />
+    <meta name="Date-Revision-yyyymmdd" content="20131115" />
     <meta http-equiv="Content-Language" content="en" />
                                                     
 <script type="text/javascript">var _gaq = _gaq || [];
@@ -57,7 +57,7 @@
                         <a href="https://cwiki.apache.org/confluence/display/KNOX/Index"
class="externalLink" title="Wiki">Wiki</a>
               
                     
-                &nbsp;| <span id="publishDate">Last Published: 2013-11-14</span>
+                &nbsp;| <span id="publishDate">Last Published: 2013-11-15</span>
               &nbsp;| <span id="projectVersion">Version: 0.0.0-SNAPSHOT</span>
             </div>
       <div class="clear">

Modified: incubator/knox/site/mail-lists.html
URL: http://svn.apache.org/viewvc/incubator/knox/site/mail-lists.html?rev=1542407&r1=1542406&r2=1542407&view=diff
==============================================================================
--- incubator/knox/site/mail-lists.html (original)
+++ incubator/knox/site/mail-lists.html Fri Nov 15 21:42:05 2013
@@ -1,5 +1,5 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Nov 14, 2013 -->
+<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Nov 15, 2013 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
     <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
@@ -10,7 +10,7 @@
       @import url("./css/site.css");
     </style>
     <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" />
-    <meta name="Date-Revision-yyyymmdd" content="20131114" />
+    <meta name="Date-Revision-yyyymmdd" content="20131115" />
     <meta http-equiv="Content-Language" content="en" />
                                                     
 <script type="text/javascript">var _gaq = _gaq || [];
@@ -57,7 +57,7 @@
                         <a href="https://cwiki.apache.org/confluence/display/KNOX/Index"
class="externalLink" title="Wiki">Wiki</a>
               
                     
-                &nbsp;| <span id="publishDate">Last Published: 2013-11-14</span>
+                &nbsp;| <span id="publishDate">Last Published: 2013-11-15</span>
               &nbsp;| <span id="projectVersion">Version: 0.0.0-SNAPSHOT</span>
             </div>
       <div class="clear">

Modified: incubator/knox/site/project-info.html
URL: http://svn.apache.org/viewvc/incubator/knox/site/project-info.html?rev=1542407&r1=1542406&r2=1542407&view=diff
==============================================================================
--- incubator/knox/site/project-info.html (original)
+++ incubator/knox/site/project-info.html Fri Nov 15 21:42:05 2013
@@ -1,5 +1,5 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Nov 14, 2013 -->
+<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Nov 15, 2013 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
     <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
@@ -10,7 +10,7 @@
       @import url("./css/site.css");
     </style>
     <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" />
-    <meta name="Date-Revision-yyyymmdd" content="20131114" />
+    <meta name="Date-Revision-yyyymmdd" content="20131115" />
     <meta http-equiv="Content-Language" content="en" />
                                                     
 <script type="text/javascript">var _gaq = _gaq || [];
@@ -57,7 +57,7 @@
                         <a href="https://cwiki.apache.org/confluence/display/KNOX/Index"
class="externalLink" title="Wiki">Wiki</a>
               
                     
-                &nbsp;| <span id="publishDate">Last Published: 2013-11-14</span>
+                &nbsp;| <span id="publishDate">Last Published: 2013-11-15</span>
               &nbsp;| <span id="projectVersion">Version: 0.0.0-SNAPSHOT</span>
             </div>
       <div class="clear">

Modified: incubator/knox/site/team-list.html
URL: http://svn.apache.org/viewvc/incubator/knox/site/team-list.html?rev=1542407&r1=1542406&r2=1542407&view=diff
==============================================================================
--- incubator/knox/site/team-list.html (original)
+++ incubator/knox/site/team-list.html Fri Nov 15 21:42:05 2013
@@ -1,5 +1,5 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Nov 14, 2013 -->
+<!-- Generated by Apache Maven Doxia Site Renderer 1.3 at Nov 15, 2013 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
     <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
@@ -10,7 +10,7 @@
       @import url("./css/site.css");
     </style>
     <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" />
-    <meta name="Date-Revision-yyyymmdd" content="20131114" />
+    <meta name="Date-Revision-yyyymmdd" content="20131115" />
     <meta http-equiv="Content-Language" content="en" />
                                                     
 <script type="text/javascript">var _gaq = _gaq || [];
@@ -57,7 +57,7 @@
                         <a href="https://cwiki.apache.org/confluence/display/KNOX/Index"
class="externalLink" title="Wiki">Wiki</a>
               
                     
-                &nbsp;| <span id="publishDate">Last Published: 2013-11-14</span>
+                &nbsp;| <span id="publishDate">Last Published: 2013-11-15</span>
               &nbsp;| <span id="projectVersion">Version: 0.0.0-SNAPSHOT</span>
             </div>
       <div class="clear">

Modified: incubator/knox/trunk/books/0.3.0/book_troubleshooting.md
URL: http://svn.apache.org/viewvc/incubator/knox/trunk/books/0.3.0/book_troubleshooting.md?rev=1542407&r1=1542406&r2=1542407&view=diff
==============================================================================
--- incubator/knox/trunk/books/0.3.0/book_troubleshooting.md (original)
+++ incubator/knox/trunk/books/0.3.0/book_troubleshooting.md Fri Nov 15 21:42:05 2013
@@ -53,7 +53,18 @@ There are various useful loggers pre-pop
 
 If the gateway cannot contact the configured LDAP server you will see errors in the gateway
diagnostic output.
 
-    TODO:Kevin - What does it look like when the LDAP server isn't running.
+	13/11/15 16:30:17 DEBUG authc.BasicHttpAuthenticationFilter: Attempting to execute login
with headers [Basic Z3Vlc3Q6Z3Vlc3QtcGFzc3dvcmQ=]
+	13/11/15 16:30:17 DEBUG ldap.JndiLdapRealm: Authenticating user 'guest' through LDAP
+	13/11/15 16:30:17 DEBUG ldap.JndiLdapContextFactory: Initializing LDAP context using URL
	[ldap://localhost:33389] and principal [uid=guest,ou=people,dc=hadoop,dc=apache,dc=org] with
pooling disabled
+	13/11/15 16:30:17 DEBUG servlet.SimpleCookie: Added HttpServletResponse Cookie [rememberMe=deleteMe;
Path=/gateway/vaultservice; Max-Age=0; Expires=Thu, 14-Nov-2013 21:30:17 GMT]
+	13/11/15 16:30:17 DEBUG authc.BasicHttpAuthenticationFilter: Authentication required: sending
401 Authentication challenge response.
+	
+The client should see something along the lines of:
+
+	HTTP/1.1 401 Unauthorized
+	WWW-Authenticate: BASIC realm="application"
+	Content-Length: 0
+	Server: Jetty(8.1.12.v20130726)
 
 Resolving this will require ensuring that the LDAP server is running and that connection
information is correct.
 The LDAP server connection information is configured in the cluster's topology file (e.g.
{GATEWAY_HOME}/deployments/sandbox.xml).
@@ -90,9 +101,23 @@ Then the command below should verify tha
 
 
 ### Authentication Issues ###
+The following log information is available when you enable debug level logging for shiro.
This can be done within the conf/log4j.properties file. Not the "Password not correct for
user" message.
 
-TODO:Kevin - What does it look like when the username/password don't match what is in LDAP?
-
+	13/11/15 16:37:15 DEBUG authc.BasicHttpAuthenticationFilter: Attempting to execute login
with headers [Basic Z3Vlc3Q6Z3Vlc3QtcGFzc3dvcmQw]
+	13/11/15 16:37:15 DEBUG ldap.JndiLdapRealm: Authenticating user 'guest' through LDAP
+	13/11/15 16:37:15 DEBUG ldap.JndiLdapContextFactory: Initializing LDAP context using URL
[ldap://localhost:33389] and principal [uid=guest,ou=people,dc=hadoop,dc=apache,dc=org] with
pooling disabled
+	2013-11-15 16:37:15,899 INFO  Password not correct for user 'uid=guest,ou=people,dc=hadoop,dc=apache,dc=org'
+	2013-11-15 16:37:15,899 INFO  Authenticator org.apache.directory.server.core.authn.SimpleAuthenticator@354c78e3
failed to authenticate: BindContext for DN 'uid=guest,ou=people,dc=hadoop,dc=apache,dc=org',
credentials <0x67 0x75 0x65 0x73 0x74 0x2D 0x70 0x61 0x73 0x73 0x77 0x6F 0x72 0x64 0x30
>
+	2013-11-15 16:37:15,899 INFO  Cannot bind to the server
+	13/11/15 16:37:15 DEBUG servlet.SimpleCookie: Added HttpServletResponse Cookie [rememberMe=deleteMe;
Path=/gateway/vaultservice; Max-Age=0; Expires=Thu, 14-Nov-2013 21:37:15 GMT]
+	13/11/15 16:37:15 DEBUG authc.BasicHttpAuthenticationFilter: Authentication required: sending
401 Authentication challenge response.
+
+The client will likely see something along the lines of:
+
+	HTTP/1.1 401 Unauthorized
+	WWW-Authenticate: BASIC realm="application"
+	Content-Length: 0
+	Server: Jetty(8.1.12.v20130726)
 
 ### Hostname Resolution Issues ###
 
@@ -115,8 +140,18 @@ TODO:Kevin - What does it look like when
 
 
 ### SSL Certificate Issues ###
+Clients that do not trust the certificate presented by the server will behave in different
ways. A browser will typically warn you of the inability to trust the receieved certificate
and give you an opportunity to add an exception for the particular certificate. Curl will
present you with the follow message and instructions for turning of certificate verification:
 
-TODO:Larry - What does it look like when a client doesn't trust the gateway's SSL identity
certificate?
+	curl performs SSL certificate verification by default, using a "bundle"
+ 	 of Certificate Authority (CA) public keys (CA certs). If the default
+ 	 bundle file isn't adequate, you can specify an alternate file
+ 	 using the --cacert option.
+	If this HTTPS server uses a certificate signed by a CA represented in
+ 	 the bundle, the certificate verification probably failed due to a
+ 	 problem with the certificate (it might be expired, or the name might
+ 	 not match the domain name in the URL).
+	If you'd like to turn off curl's verification of the certificate, use
+ 	 the -k (or --insecure) option.
 
 
 ### Filing Bugs ###



Mime
View raw message