[jira] [Commented] (HBASE-7781) Update security unit tests to use a KDC if available

Mon, 23 Dec 2013 02:11:43 -0800 

    [ 
https://issues.apache.org/jira/browse/HBASE-7781?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13855536#comment-13855536
 ] 

ramkrishna.s.vasudevan commented on HBASE-7781:
-----------------------------------------------

If my realm is hbase@HADOOP.LOCALDOMAIN, what should be the contents of the 
keytab file? I get this error 
{code}
java.io.IOException: Login failure for hbase@HADOOP.LOCALDOMAIN from keytab 
hbase.keytab
        at 
org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:695)
        at 
org.apache.hadoop.hbase.security.HBaseKerberosUtils.login(HBaseKerberosUtils.java:116)
        at 
org.apache.hadoop.hbase.security.TestUsersOperationsWithSecureHadoop.testUserLoginInSecureHadoop(TestUsersOperationsWithSecureHadoop.java:88)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.lang.reflect.Method.invoke(Unknown Source)
        at 
org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:47)
        at 
org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
        at 
org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:44)
        at 
org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
        at 
org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
        at 
org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27)
        at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:271)
        at 
org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:70)
        at 
org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:50)
        at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238)
        at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63)
        at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236)
        at org.junit.runners.ParentRunner.access$000(ParentRunner.java:53)
        at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:229)
        at org.junit.runners.ParentRunner.run(ParentRunner.java:309)
        at 
org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:50)
        at 
org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
        at 
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:467)
        at 
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:683)
        at 
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:390)
        at 
org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:197)
Caused by: javax.security.auth.login.LoginException: Unable to obtain password 
from user

        at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Unknown 
Source)
        at 
com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Unknown 
Source)
        at com.sun.security.auth.module.Krb5LoginModule.login(Unknown Source)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.lang.reflect.Method.invoke(Unknown Source)
        at javax.security.auth.login.LoginContext.invoke(Unknown Source)
        at javax.security.auth.login.LoginContext.access$000(Unknown Source)
        at javax.security.auth.login.LoginContext$5.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.login.LoginContext.invokeCreatorPriv(Unknown 
Source)
        at javax.security.auth.login.LoginContext.login(Unknown Source)
        at 
org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:686)
        ... 27 more


{code}

Ideally the code should use the keyTab.  Am trying to use the MiniKDC here. 
TestUsersOperationsWithSecureHadoop - this test gets skipped in the actual 
builds i think as it needs the keytab and principle to be passed.  

> Update security unit tests to use a KDC if available
> ----------------------------------------------------
>
>                 Key: HBASE-7781
>                 URL: https://issues.apache.org/jira/browse/HBASE-7781
>             Project: HBase
>          Issue Type: Test
>          Components: security, test
>            Reporter: Gary Helmling
>            Assignee: ramkrishna.s.vasudevan
>            Priority: Blocker
>             Fix For: 0.98.0
>
>
> We currently have large holes in the test coverage of HBase with security 
> enabled.  Two recent examples of bugs which really should have been caught 
> with testing are HBASE-7771 and HBASE-7772.  The long standing problem with 
> testing with security enabled has been the requirement for supporting 
> kerberos infrastructure.
> We need to close this gap and provide some automated testing with security 
> enabled, if necessary standing up and provisioning a temporary KDC as an 
> option for running integration tests, see HADOOP-8078 and HADOOP-9004 where a 
> similar approach was taken.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Reply via email to