[jira] [Updated] (KNOX-2229) Knox shouldn't exclude Kerby since it is used by Hadoop

Mon, 10 Feb 2020 09:18:56 -0800 


     [ 
https://issues.apache.org/jira/browse/KNOX-2229?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Kevin Risden updated KNOX-2229:
-------------------------------
    Component/s: Server
                 Build

> Knox shouldn't exclude Kerby since it is used by Hadoop
> -------------------------------------------------------
>
>                 Key: KNOX-2229
>                 URL: https://issues.apache.org/jira/browse/KNOX-2229
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Build, Server
>    Affects Versions: 1.0.0, 1.1.0, 1.2.0, 1.3.0
>            Reporter: Kevin Risden
>            Assignee: Kevin Risden
>            Priority: Major
>             Fix For: 1.4.0
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> KNOX-1161 excluded Kerby from Knox, but since Kerby is used by Hadoop there 
> are some cases where Knox requires Kerby transitively. Specifically in the 
> case of hadoop-auth when Knox handles SPNEGO authentication and set 
> hadoop.auth.config.kerberos.principal=*
> This causes the following stacktrace in gateway.log
> {code:java}
> 2020-02-05 16:46:58,125 ERROR knox.gateway 
> (AbstractGatewayFilter.java:doFilter(69)) - Failed to execute filter: 
> java.lang.NoClassDefFoundError: org/apache/kerby/kerberos/kerb/keytab/Keytab
> java.lang.NoClassDefFoundError: org/apache/kerby/kerberos/kerb/keytab/Keytab
>       at 
> org.apache.hadoop.security.authentication.util.KerberosUtil.getPrincipalNames(KerberosUtil.java:225)
>       at 
> org.apache.hadoop.security.authentication.util.KerberosUtil.getPrincipalNames(KerberosUtil.java:244)
>       at 
> org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.init(KerberosAuthenticationHandler.java:146)
>       at 
> org.apache.hadoop.security.authentication.server.AuthenticationFilter.initializeAuthHandler(AuthenticationFilter.java:194)
>       at 
> org.apache.hadoop.security.authentication.server.AuthenticationFilter.init(AuthenticationFilter.java:180)
>       at 
> org.apache.knox.gateway.GatewayFilter$Holder.getInstance(GatewayFilter.java:402)
>       at 
> org.apache.knox.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:371)
>       at 
> org.apache.knox.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:272)
>       at 
> org.apache.knox.gateway.filter.XForwardedHeaderFilter.doFilter(XForwardedHeaderFilter.java:30)
>       at 
> org.apache.knox.gateway.filter.AbstractGatewayFilter.doFilter(AbstractGatewayFilter.java:61)
>       at 
> org.apache.knox.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:372)
>       at 
> org.apache.knox.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:272)
>       at 
> org.apache.knox.gateway.GatewayFilter.doFilter(GatewayFilter.java:171)
>       at org.apache.knox.gateway.GatewayFilter.doFilter(GatewayFilter.java:94)
>       at 
> org.apache.knox.gateway.GatewayServlet.service(GatewayServlet.java:141)
>       at 
> org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:857)
>       at 
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1655)
>       at 
> org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:215)
>       at 
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1642)
>       at 
> org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533)
>       at 
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146)
>       at 
> org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548)
>       at 
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
>       at 
> org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257)
>       at 
> org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595)
>       at 
> org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)
>       at 
> org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1340)
>       at 
> org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)
>       at 
> org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473)
>       at 
> org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564)
>       at 
> org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)
>       at 
> org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1242)
>       at 
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)
>       at 
> org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:220)
>       at 
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
>       at 
> org.apache.knox.gateway.trace.TraceHandler.handle(TraceHandler.java:51)
>       at 
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
>       at 
> org.apache.knox.gateway.filter.CorrelationHandler.handle(CorrelationHandler.java:41)
>       at 
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
>       at 
> org.apache.knox.gateway.filter.PortMappingHelperHandler.handle(PortMappingHelperHandler.java:152)
>       at 
> org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126)
>       at 
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
>       at org.eclipse.jetty.server.Server.handle(Server.java:503)
>       at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:364)
>       at 
> org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260)
>       at 
> org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305)
>       at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
>       at 
> org.eclipse.jetty.io.ssl.SslConnection$DecryptedEndPoint.onFillable(SslConnection.java:411)
>       at 
> org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:305)
>       at 
> org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:159)
>       at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
>       at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118)
>       at 
> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)
>       at 
> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)
>       at 
> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)
>       at 
> org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126)
>       at 
> org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366)
>       at 
> org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765)
>       at 
> org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683)
>       at java.lang.Thread.run(Thread.java:745)
> Caused by: java.lang.ClassNotFoundException: 
> org.apache.kerby.kerberos.kerb.keytab.Keytab
>       at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
>       at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
>       at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
>       ... 60 more
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to