Merge branch 'master' of github.com:steveloughran/kerberos_and_hadoop

steveloughran · steveloughran · commit e59b8103161f · 2015-10-08T10:57:11.000+01:00
* 'master' of github.com:steveloughran/kerberos_and_hadoop:
  Update book.json
  Update sections/kerberos_the_madness.md
  Update sections/errors.md

# Conflicts:
#	book.json
diff --git a/book.json b/book.json
@@ -14,11 +14,6 @@
       "printlinks",
       "include-codeblock"],
     "pluginsConfig": {
-      "fontSettings": {
-          "theme": "night",
-          "family": "serif",
-          "size": 1
-      },
         "autocover": {
           "title": "Kerberos and Hadoop: The Madness Beyond the Gate",
               "author": "Steve Loughran",
@@ -37,22 +32,17 @@
         }
     },
     "pdf": {
-
         "pageNumbers": true,
-
         "fontSize": 11,
-
         "paperSize": "a4",
-
-
         "margin": {
             "right": 62,
             "left": 62,
             "top": 36,
             "bottom": 36
         },
 
-        "comment":"//Header HTML template. Available variables: _PAGENUM_, _TITLE_, _AUTHOR_ and _SECTION_.",
+        "comment-1":"//Header HTML template. Available variables: _PAGENUM_, _TITLE_, _AUTHOR_ and _SECTION_.",
         "headerTemplate-off": "_TITLE_",
 
         "comment":"//Footer HTML template. Available variables: _PAGENUM_, _TITLE_, _AUTHOR_ and _SECTION_.",
diff --git a/sections/errors.md b/sections/errors.md
@@ -55,7 +55,7 @@ Switch to openjdk or go to your JVM supplier (Oracle, IBM) and download the JCE
 
 This may appear in a stack trace starting with something like:
 
-		javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
+	javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
 
 Possible causes:
 
@@ -66,7 +66,7 @@ Possible causes:
 
 ## Clock skew too great
 
-		GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new INITIATE credentials failed! (null)) . . . Caused by: javax.security.auth.login.LoginException: Clock skew too great
+	GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new INITIATE credentials failed! (null)) . . . Caused by: javax.security.auth.login.LoginException: Clock skew too great
 
     GSSException: No valid credentials provided (Mechanism level: Clock skew too great (37) - PROCESS_TGS
 
@@ -117,7 +117,7 @@ offers, then the client fails. Workaround: don't use those versions of Java.
 
 This has been seen in the HTTP logs of Hadoop REST/Web UIs:
 
-	WARN org.apache.hadoop.security.authentication.server.AuthenticationFilter: AuthenticationToken ignored: org.apache.hadoop.security.authentication.util.SignerException: Invalid signature
+    WARN org.apache.hadoop.security.authentication.server.AuthenticationFilter: AuthenticationToken ignored: org.apache.hadoop.security.authentication.util.SignerException: Invalid signature
 
 This means that the caller did not have the credentials to talk to a Kerberos-secured channel.
 
diff --git a/sections/kerberos_the_madness.md b/sections/kerberos_the_madness.md
@@ -1,5 +1,5 @@
 
-# Hadoop and Kerberos: The Madness beyond the Gate
+# Hadoop and Kerberos: The Madness Beyond the Gate
 
 
 Authors:
@@ -27,12 +27,13 @@ And forever more, we shall fear those voices calling out to us in the night, the
 | Ancient, evil deities oblivious to humanity           | Kerberos Domain Controller |
 | Books whose reading will drive the reader insane      | IETF RFC 4120              |
 | Entities which are never spoken of aloud              | UserGroupInformation       |
+| People driven insane by their knowledge               | You                        |
 
 This documents contains the notes from previous people who have delved too deep into the mysteries of Apache&trade; Hadoop&reg; and Kerberos, who have read the forbidden source code, maybe who have even contributed to it. If you wish to preserve your innocence, to view the world as a place of happiness: stop now.
 
 ## Disclaimer
 
-This document is a collection of notes based on the experience of the author. There are no guarantees that any of the information contained within was correct at the time of writing, let alone the time of reading. The author does not accept any responsibility for actions made on the basis of the information contained herein, be it correct or or incorrect.
+This document is a collection of notes based on the experience of the author. There are no guarantees that any of the information contained within was correct at the time of writing, let alone the time of reading. The author does not accept any responsibility for actions made on the basis of the information contained herein, be it correct or incorrect.
 
 The reader of this document is likely to leave with some basic realisation that Kerberos, while important, is an uncontrolled force of suffering and devastation. The author does not accept any responsibility for the consequences of such knowledge.
 
@@ -111,7 +112,7 @@ security: the authentication and authentication comes first. Encryption adds a n
 secure key management, as well as the inevitable performance overhead. It also complicates
 some aspects of HDFS use.
 
-Data stored in HDFS by applications is implicitly encrypted. However applications like 
+Data stored in HDFS by applications is implicitly encrypted. However, applications like 
 Hive have had to be reworked to ensure 
 that when making queries across encrypted datasets, temporary data files are also stored
 in the same encryption zone, to stop the intermediate data being stored unencrypted.
