[
https://issues.apache.org/jira/browse/HBASE-30042?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18071515#comment-18071515
]
Hudson commented on HBASE-30042:
--------------------------------
Results for branch branch-2.5
[build #805 on
builds.a.o|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-2.5/805/]:
(x) *{color:red}-1 overall{color}*
----
details (if available):
(/) {color:green}+1 general checks{color}
-- For more information [see general
report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-2.5/805/General_20Nightly_20Build_20Report/]
(x) {color:red}-1 jdk8 hadoop2 checks{color}
-- For more information [see jdk8 (hadoop2)
report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-2.5/805/JDK8_20Nightly_20Build_20Report_20_28Hadoop2_29/]
(x) {color:red}-1 jdk8 hadoop3 checks{color}
-- For more information [see jdk8 (hadoop3)
report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-2.5/805/JDK8_20Nightly_20Build_20Report_20_28Hadoop3_29/]
(x) {color:red}-1 jdk11 hadoop3 checks{color}
-- For more information [see jdk11
report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-2.5/805/JDK11_20Nightly_20Build_20Report_20_28Hadoop3_29/]
(/) {color:green}+1 jdk17 hadoop3 checks{color}
-- For more information [see jdk17
report|https://ci-hbase.apache.org/job/HBase%20Nightly/job/branch-2.5/805/JDK17_20Nightly_20Build_20Report_20_28Hadoop3_29/]
> AuthUtil.loginClient fails when another Kerberos user is already logged in
> --------------------------------------------------------------------------
>
> Key: HBASE-30042
> URL: https://issues.apache.org/jira/browse/HBASE-30042
> Project: HBase
> Issue Type: Test
> Components: test
> Reporter: JinHyuk Kim
> Assignee: JinHyuk Kim
> Priority: Minor
> Labels: pull-request-available
> Fix For: 2.7.0, 3.0.0-beta-2, 2.5.15, 2.6.6
>
>
> h1. Problem
> {{AuthUtil.loginClient(conf)}} may fail in test environments *when the JVM
> already has Kerberos credentials from a different principal* (e.g., via
> {{{}kinit{}}}).
> In this case, the method may reuse the existing login user instead of using
> the configured keytab and principal, leading to unexpected behavior.
> For example, calling {{user.getShortName()}} may throw:
> {code:java}
> Caused by: java.lang.IllegalArgumentException: Illegal principal name
> [email protected]:
> org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule:
> No rules applied to [email protected] at
> org.apache.hadoop.security.User.<init>(User.java:51) at
> org.apache.hadoop.security.UserGroupInformation$HadoopLoginModule.commit(UserGroupInformation.java:225)
> ... 52 moreCaused by:
> org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule:
> No rules applied to [email protected] at
> org.apache.hadoop.security.authentication.util.KerberosName.getShortName(KerberosName.java:429)
> at org.apache.hadoop.security.User.<init>(User.java:48) ... 53 more {code}
> This typically occurs when the existing principal belongs to a different
> realm than the test configuration (e.g., MiniKdc realm), and the default
> {{auth_to_local}} rule does not apply.
> This issue is especially reproducible when running tests locally with
> existing Kerberos credentials
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
