Author: stevel Date: Fri Jan 22 01:32:33 2016 New Revision: 1726136 URL: http://svn.apache.org/viewvc?rev=1726136&view=rev Log: SLIDER-1035 kdiag improvement docs
Modified: incubator/slider/site/trunk/content/docs/manpage.md Modified: incubator/slider/site/trunk/content/docs/manpage.md URL: http://svn.apache.org/viewvc/incubator/slider/site/trunk/content/docs/manpage.md?rev=1726136&r1=1726135&r2=1726136&view=diff ============================================================================== --- incubator/slider/site/trunk/content/docs/manpage.md (original) +++ incubator/slider/site/trunk/content/docs/manpage.md Fri Jan 22 01:32:33 2016 @@ -396,8 +396,7 @@ Example slider install-package --name HBASE --package /usr/work/package/hbase/slider-hbase-app-package-0.98.4-hadoop2.zip slider install-package --name HBASE --package /usr/work/package/hbase/slider-hbase-app-package-0.98.4-hadoop2.zip --replacepkg -###` kdiag [--keytab <keytab> --principal <principal>] [--out outfile] [--fail]` - +### `kdiag [--keytab <keytab> --principal <principal>] [--out <outfile>] [--keylength <length>] [--secure]` Kerberos diagnostics. Any information which can be obtained to diagnose Kerberos problems: @@ -409,11 +408,26 @@ attached to support calls. For an example of the output, see [SLIDER-1027](https://issues.apache.org/jira/browse/SLIDER-1027) +Arguments + +* `--keytab <keytab> --principal <principal>` : list a keytab file to use +and the principal to log in as. The file must contain the specific principal. + +* `--keylength <length>`: set the minimum encryption key length as measured in bits. +If the JVM does not support this length, the command will fail. +The default value is to 256, as needed for the `AES256` encryption scheme. +A JVM without the Java Cryptography Extensions installed does not support +`--keylength 256`: Kerberos will not work Kerberos itself is configured to use +an encryption scheme with a shorter key length. + +* `--secure`: fail if the command is not executed on a secure cluster. +That is: if the hadoop authentication mechanism of the cluster is "simple". + Although there is a `--out outfile` option, much of the output can come from the JRE (to `stderr`) and via log4j (to `stdout`). To get all the output, it is best to redirect both these output streams to the same file, and omit the `--out` option. - slider kdiag --keytab zk.service.keytab --principal zookeeper/devix.cotham.uk > out.txt 2>&1 + slider kdiag --keytab zk.service.keytab --principal zookeeper/devix@REALM > out.txt 2>&1 For extra logging during the operation