Suraj Acharya created HADOOP-13526: -------------------------------------- Summary: Add detailed logging in KMS log for the authentication failure of proxy user Key: HADOOP-13526 URL: https://issues.apache.org/jira/browse/HADOOP-13526 Project: Hadoop Common Issue Type: Bug Components: kms Environment: RHEL Reporter: Suraj Acharya Priority: Minor
Problem : User A was not able to write a file to HDFS Encryption Zone. It was resolved by adding proxy user A in kms-site.xml However, the logs showed : {code}2016-08-10 19:32:08,954 DEBUG org.apache.hadoop.security.authentication.server.AuthenticationFilter: Request https://vm.example.com:16000/kms/v1/keyversion/aMxsSSKmMEzINTIrKURpFJgHnZxiOvsT9L1nMpbUoGu/_eek?eek_op=decrypt&doAs=userb&user.name=usera user [usera] authenticated{code} Possible Solution : So the message which says the user was successfully authenticated comes from {{AuthenticationFilter.java}}. However, when the filter on {{DelegationTokenAuthenticationFilter}} is called it hits an exception there and there is no log message there. This leads to the confusion that we have had a success while the exception happens in the next class. -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-dev-h...@hadoop.apache.org