[ https://issues.apache.org/jira/browse/HBASE-7781?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13855536#comment-13855536 ]
ramkrishna.s.vasudevan commented on HBASE-7781: ----------------------------------------------- If my realm is hbase@HADOOP.LOCALDOMAIN, what should be the contents of the keytab file? I get this error {code} java.io.IOException: Login failure for hbase@HADOOP.LOCALDOMAIN from keytab hbase.keytab at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:695) at org.apache.hadoop.hbase.security.HBaseKerberosUtils.login(HBaseKerberosUtils.java:116) at org.apache.hadoop.hbase.security.TestUsersOperationsWithSecureHadoop.testUserLoginInSecureHadoop(TestUsersOperationsWithSecureHadoop.java:88) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:47) at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12) at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:44) at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17) at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26) at org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27) at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:271) at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:70) at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:50) at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238) at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63) at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236) at org.junit.runners.ParentRunner.access$000(ParentRunner.java:53) at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:229) at org.junit.runners.ParentRunner.run(ParentRunner.java:309) at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:50) at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:467) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:683) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:390) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:197) Caused by: javax.security.auth.login.LoginException: Unable to obtain password from user at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Unknown Source) at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Unknown Source) at com.sun.security.auth.module.Krb5LoginModule.login(Unknown Source) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at javax.security.auth.login.LoginContext.invoke(Unknown Source) at javax.security.auth.login.LoginContext.access$000(Unknown Source) at javax.security.auth.login.LoginContext$5.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext.invokeCreatorPriv(Unknown Source) at javax.security.auth.login.LoginContext.login(Unknown Source) at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:686) ... 27 more {code} Ideally the code should use the keyTab. Am trying to use the MiniKDC here. TestUsersOperationsWithSecureHadoop - this test gets skipped in the actual builds i think as it needs the keytab and principle to be passed. > Update security unit tests to use a KDC if available > ---------------------------------------------------- > > Key: HBASE-7781 > URL: https://issues.apache.org/jira/browse/HBASE-7781 > Project: HBase > Issue Type: Test > Components: security, test > Reporter: Gary Helmling > Assignee: ramkrishna.s.vasudevan > Priority: Blocker > Fix For: 0.98.0 > > > We currently have large holes in the test coverage of HBase with security > enabled. Two recent examples of bugs which really should have been caught > with testing are HBASE-7771 and HBASE-7772. The long standing problem with > testing with security enabled has been the requirement for supporting > kerberos infrastructure. > We need to close this gap and provide some automated testing with security > enabled, if necessary standing up and provisioning a temporary KDC as an > option for running integration tests, see HADOOP-8078 and HADOOP-9004 where a > similar approach was taken. -- This message was sent by Atlassian JIRA (v6.1.5#6160)