[HADOOP-13526] Add detailed logging in KMS for the authentication failure of proxy user - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.9.0, 3.0.0-alpha1
Component/s: kms
Labels:
None
Environment:

RHEL

Hadoop Flags:

Reviewed

Description

Problem :
User A was not able to write a file to HDFS Encryption Zone. It was resolved by adding proxy user A in kms-site.xml
However, the logs showed :

2016-08-10 19:32:08,954 DEBUG org.apache.hadoop.security.authentication.server.AuthenticationFilter: Request https://vm.example.com:16000/kms/v1/keyversion/aMxsSSKmMEzINTIrKURpFJgHnZxiOvsT9L1nMpbUoGu/_eek?eek_op=decrypt&doAs=userb&user.name=usera user [usera] authenticated

Possible Solution :
So the message which says the user was successfully authenticated comes from AuthenticationFilter.java. However, when the filter on DelegationTokenAuthenticationFilter is called it hits an exception there and there is no log message there. This leads to the confusion that we have had a success while the exception happens in the next class.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HADOOP-13526.patch.3
22/Aug/16 23:00
2 kB
Suraj Acharya
HADOOP-13526.patch.2
22/Aug/16 21:55
2 kB
Suraj Acharya
HADOOP-13526.patch.1
22/Aug/16 21:37
2 kB
Suraj Acharya
HADOOP-13526.patch
22/Aug/16 02:33
2 kB
Suraj Acharya

Activity

People

Assignee:: Suraj Acharya

Reporter:: Suraj Acharya

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 20/Aug/16 23:43

Updated:: 23/Aug/16 03:23

Resolved:: 23/Aug/16 01:11