[ https://issues.apache.org/jira/browse/HDFS-14609?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16928518#comment-16928518 ]
Takanobu Asanuma commented on HDFS-14609: ----------------------------------------- [~zhangchen] Thanks for your hard work on this issue. I ran the unit tests several times and sometimes saw the following error. This test may be flaky. {noformat} $ mvn test -Dtest=TestRouterHttpDelegationToken ... [INFO] Running org.apache.hadoop.hdfs.server.federation.security.TestRouterHttpDelegationToken [ERROR] Tests run: 3, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 6.146 s <<< FAILURE! - in org.apache.hadoop.hdfs.server.federation.security.TestRouterHttpDelegationToken [ERROR] testGetDelegationToken(org.apache.hadoop.hdfs.server.federation.security.TestRouterHttpDelegationToken) Time elapsed: 0.115 s <<< ERROR! org.apache.hadoop.service.ServiceStateException: org.apache.hadoop.security.KerberosAuthException: failure to login: for principal: router/localh...@example.com from keytab /.../hadoop/hadoop-hdfs-project/hadoop-hdfs-rbf/target/test/data/SecurityConfUtil/test.keytab javax.security.auth.login.LoginException: Integrity check on decrypted field failed (31) - PREAUTH_FAILED at org.apache.hadoop.service.ServiceStateException.convert(ServiceStateException.java:105) at org.apache.hadoop.service.AbstractService.init(AbstractService.java:173) at org.apache.hadoop.hdfs.server.federation.security.TestRouterHttpDelegationToken.setup(TestRouterHttpDelegationToken.java:132) {noformat} The patch seems no problem, but I think {{SecurityConfUtil#initSecurity()}} has some problems. > RBF: Security should use common AuthenticationFilter > ---------------------------------------------------- > > Key: HDFS-14609 > URL: https://issues.apache.org/jira/browse/HDFS-14609 > Project: Hadoop HDFS > Issue Type: Bug > Reporter: CR Hota > Assignee: Chen Zhang > Priority: Major > Attachments: HDFS-14609.001.patch, HDFS-14609.002.patch, > HDFS-14609.003.patch, HDFS-14609.004.patch, HDFS-14609.005.patch, > HDFS-14609.006.patch > > > We worked on router based federation security as part of HDFS-13532. We kept > it compatible with the way namenode works. However with HADOOP-16314 and > HDFS-16354 in trunk, auth filters seems to have been changed causing tests to > fail. > Changes are needed appropriately in RBF, mainly fixing broken tests. -- This message was sent by Atlassian Jira (v8.3.2#803003) --------------------------------------------------------------------- To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org