[
https://issues.apache.org/jira/browse/PHOENIX-5904?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Guanghao Zhang updated PHOENIX-5904:
------------------------------------
Attachment: PHOENIX-5904.website.diff
> Add log if the configed kerberos principal login failed
> -------------------------------------------------------
>
> Key: PHOENIX-5904
> URL: https://issues.apache.org/jira/browse/PHOENIX-5904
> Project: Phoenix
> Issue Type: Improvement
> Components: queryserver
> Reporter: Guanghao Zhang
> Assignee: Guanghao Zhang
> Priority: Minor
> Attachments: PHOENIX-5904.website.diff
>
>
> {code:java}
> SecurityUtil.login(getConf(),
> QueryServerProperties.QUERY_SERVER_KEYTAB_FILENAME_ATTRIB,
> QueryServerProperties.QUERY_SERVER_KERBEROS_PRINCIPAL_ATTRIB, hostname);
> LOG.info("Login successful.");
> {code}
> But SecurityUtil.login may return directly if
> UserGroupInformation.isSecurityEnabled return false.
>
> {code:java}
> public static void login(final Configuration conf,
> final String keytabFileKey, final String userNameKey, String hostname)
> throws IOException {
>
> if(!UserGroupInformation.isSecurityEnabled())
> return;
>
> String keytabFilename = conf.get(keytabFileKey);
> if (keytabFilename == null || keytabFilename.length() == 0) {
> throw new IOException("Running in secure mode, but config doesn't have a
> keytab");
> }
> String principalConfig = conf.get(userNameKey, System
> .getProperty("user.name"));
> String principalName = SecurityUtil.getServerPrincipal(principalConfig,
> hostname);
> UserGroupInformation.loginUserFromKeytab(principalName, keytabFilename);
> }
> {code}
> UserGroupInformation.isSecurityEnabled is configed by
> *hadoop.security.authentication*. But the document only said need to config
> *hbase.security.authentication*. So, I thought we need to add document about
> this, too.
>
> QueryServer doc: [https://phoenix.apache.org/server.html]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
