Guanghao Zhang created PHOENIX-5904:
---------------------------------------
Summary: Add log if the configed kerberos principal login failed
Key: PHOENIX-5904
URL: https://issues.apache.org/jira/browse/PHOENIX-5904
Project: Phoenix
Issue Type: Improvement
Components: queryserver
Reporter: Guanghao Zhang
{code:java}
SecurityUtil.login(getConf(),
QueryServerProperties.QUERY_SERVER_KEYTAB_FILENAME_ATTRIB,
QueryServerProperties.QUERY_SERVER_KERBEROS_PRINCIPAL_ATTRIB, hostname);
LOG.info("Login successful.");
{code}
But SecurityUtil.login may return directly if
UserGroupInformation.isSecurityEnabled return false.
{code:java}
public static void login(final Configuration conf,
final String keytabFileKey, final String userNameKey, String hostname)
throws IOException {
if(!UserGroupInformation.isSecurityEnabled())
return;
String keytabFilename = conf.get(keytabFileKey);
if (keytabFilename == null || keytabFilename.length() == 0) {
throw new IOException("Running in secure mode, but config doesn't have a
keytab");
}
String principalConfig = conf.get(userNameKey, System
.getProperty("user.name"));
String principalName = SecurityUtil.getServerPrincipal(principalConfig,
hostname);
UserGroupInformation.loginUserFromKeytab(principalName, keytabFilename);
}
{code}
UserGroupInformation.isSecurityEnabled is configed by
*hadoop.security.authentication*. But the document only said need to config
*hbase.security.authentication*. So, I thought we need to add document about
this, too.
QueryServer doc: [https://phoenix.apache.org/server.html]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)