Commit e59b810

Merge branch 'master' of github.com:steveloughran/kerberos_and_hadoop
* 'master' of github.com:steveloughran/kerberos_and_hadoop:
  Update book.json
  Update sections/kerberos_the_madness.md
  Update sections/errors.md

# Conflicts:
#	book.json
2 parents 05d8373 + 39feb70 commit e59b810

3 files changed

+8
-17
lines changed

book.json

Lines changed: 1 addition & 11 deletions
@@ -14,11 +14,6 @@
1414
"printlinks",
1515
"include-codeblock"],
1616
"pluginsConfig": {
17-
"fontSettings": {
18-
"theme": "night",
19-
"family": "serif",
20-
"size": 1
21-
},
2217
"autocover": {
2318
"title": "Kerberos and Hadoop: The Madness Beyond the Gate",
2419
"author": "Steve Loughran",
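Review bot: Confirm that losing the `fontSettings` block at old lines 17-21 is the intended conflict resolution. The merge message lists book.json under "# Conflicts:" but does not say which side was kept, and the removed `"theme": "night"`, `"family": "serif"` and `"size": 1` settings are not replaced by anything in `pluginsConfig`. If the defaults are what is wanted, a line in the merge message saying so would make that clear.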
@@ -37,22 +32,17 @@
3732
}
3833
},
3934
"pdf": {
40-
4135
"pageNumbers": true,
42-
4336
"fontSize": 11,
44-
4537
"paperSize": "a4",
46-
47-
4838
"margin": {
4939
"right": 62,
5040
"left": 62,
5141
"top": 36,
5242
"bottom": 36
5343
},
5444

55-
"comment":"//Header HTML template. Available variables: _PAGENUM_, _TITLE_, _AUTHOR_ and _SECTION_.",
45+
"comment-1":"//Header HTML template. Available variables: _PAGENUM_, _TITLE_, _AUTHOR_ and _SECTION_.",
5646
"headerTemplate-off": "_TITLE_",
5747

5848
"comment":"//Footer HTML template. Available variables: _PAGENUM_, _TITLE_, _AUTHOR_ and _SECTION_.",

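Review bot: The footer key at new line 48 is still `"comment"` while the header key at new line 45 becomes `"comment-1"`, so the pseudo-comment naming is now inconsistent. The old lines 55 and 58 used the same `"comment"` key twice in one object, which JSON parsers handle inconsistently (most keep only the last value), so the rename is the right direction. Finish it by giving the footer key its own suffix, for example `"comment-2"`, so that every such key in the `pdf` object is unique.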
sections/errors.md

Lines changed: 3 additions & 3 deletions
@@ -55,7 +55,7 @@ Switch to openjdk or go to your JVM supplier (Oracle, IBM) and download the JCE
5555

5656
This may appear in a stack trace starting with something like:
5757

58-
javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
58+
javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
5959

6060
Possible causes:
6161
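Review bot: The removed and added text at line 58 is identical apart from whitespace, so how this stack trace renders depends entirely on indentation, and the same is true of the changes at lines 69 and 120 in this file. Wrapping each sample message in a fenced code block would make it render verbatim regardless of indentation and would keep whitespace-only changes like this out of future diffs.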

@@ -66,7 +66,7 @@ Possible causes:
6666

6767
## Clock skew too great
6868

69-
GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new INITIATE credentials failed! (null)) . . . Caused by: javax.security.auth.login.LoginException: Clock skew too great
69+
GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new INITIATE credentials failed! (null)) . . . Caused by: javax.security.auth.login.LoginException: Clock skew too great
7070

7171
GSSException: No valid credentials provided (Mechanism level: Clock skew too great (37) - PROCESS_TGS
7272
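Review bot: The unchanged sample at line 71 ends at `- PROCESS_TGS` with the parenthesis opened at `(Mechanism level:` never closed, so the message reads as truncated. Close it, or mark the truncation, while this section is being touched. The changed line 69 also runs several log lines together with `. . .`; putting the `Caused by:` part on its own line would make it easier to match against a real stack trace.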

@@ -117,7 +117,7 @@ offers, then the client fails. Workaround: don't use those versions of Java.
117117

118118
This has been seen in the HTTP logs of Hadoop REST/Web UIs:
119119

120-
WARN org.apache.hadoop.security.authentication.server.AuthenticationFilter: AuthenticationToken ignored: org.apache.hadoop.security.authentication.util.SignerException: Invalid signature
120+
WARN org.apache.hadoop.security.authentication.server.AuthenticationFilter: AuthenticationToken ignored: org.apache.hadoop.security.authentication.util.SignerException: Invalid signature
121121

122122
This means that the caller did not have the credentials to talk to a Kerberos-secured channel.
123123
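Review bot: The explanation at line 122 says the caller did not have credentials, but the log line at 120 reports `SignerException: Invalid signature` with `AuthenticationToken ignored`, which reads as a token that was presented and failed signature verification. Consider rewording line 122 so that someone diagnosing this entry checks the token signature as well as missing Kerberos credentials.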

sections/kerberos_the_madness.md

Lines changed: 4 additions & 3 deletions
@@ -1,5 +1,5 @@
11

2-
# Hadoop and Kerberos: The Madness beyond the Gate
2+
# Hadoop and Kerberos: The Madness Beyond the Gate
33

44

55
Authors:
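Review bot: The heading at line 2 now reads "Hadoop and Kerberos: The Madness Beyond the Gate", while the `autocover` title in book.json in this same commit is "Kerberos and Hadoop: The Madness Beyond the Gate". The capitalisation of "Beyond" now matches, but the word order does not. Pick one form and use it in both places so the cover and the first page agree.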
@@ -27,12 +27,13 @@ And forever more, we shall fear those voices calling out to us in the night, the
2727
| Ancient, evil deities oblivious to humanity | Kerberos Domain Controller |
2828
| Books whose reading will drive the reader insane | IETF RFC 4120 |
2929
| Entities which are never spoken of aloud | UserGroupInformation |
30+
| People driven insane by their knowledge | You |
3031

3132
This documents contains the notes from previous people who have delved too deep into the mysteries of Apache™ Hadoop® and Kerberos, who have read the forbidden source code, maybe who have even contributed to it. If you wish to preserve your innocence, to view the world as a place of happiness: stop now.
3233

3334
## Disclaimer
3435

35-
This document is a collection of notes based on the experience of the author. There are no guarantees that any of the information contained within was correct at the time of writing, let alone the time of reading. The author does not accept any responsibility for actions made on the basis of the information contained herein, be it correct or or incorrect.
36+
This document is a collection of notes based on the experience of the author. There are no guarantees that any of the information contained within was correct at the time of writing, let alone the time of reading. The author does not accept any responsibility for actions made on the basis of the information contained herein, be it correct or incorrect.
3637

3738
The reader of this document is likely to leave with some basic realisation that Kerberos, while important, is an uncontrolled force of suffering and devastation. The author does not accept any responsibility for the consequences of such knowledge.
3839
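Review bot: The unchanged paragraph at new line 32 still begins "This documents contains", which should be "This document contains". Since this hunk already fixes the "or or" typo in the Disclaimer, fix this one in the same pass. The new table row at line 30 is fine as written.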

@@ -111,7 +112,7 @@ security: the authentication and authentication comes first. Encryption adds a n
111112
secure key management, as well as the inevitable performance overhead. It also complicates
112113
some aspects of HDFS use.
113114

114-
Data stored in HDFS by applications is implicitly encrypted. However applications like
115+
Data stored in HDFS by applications is implicitly encrypted. However, applications like
115116
Hive have had to be reworked to ensure
116117
that when making queries across encrypted datasets, temporary data files are also stored
117118
in the same encryption zone, to stop the intermediate data being stored unencrypted.
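Review bot: The changed line 115 states that data stored in HDFS "is implicitly encrypted" without qualification, while the rest of the sentence is about keeping temporary files "in the same encryption zone". Readers could take the first sentence to mean all HDFS data is encrypted, so scope it to data written into an encryption zone. The hunk header context also shows "the authentication and authentication comes first", where the repeated word looks unintended and is worth fixing alongside the comma.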
