Allow all Kerberos principals to issue renewable tickets #162

Merged: 3 commits, Sep 7, 2023

@hashhar hashhar commented Mar 26, 2023

Without this change, if the krb5.conf is configured to issue renewable tickets by adding a non-zero `renew_lifetime` entry, the JDK runs into errors like

    RuntimeException: LoginException: Message stream modified (41)

This is related to the JDK bug
https://bugs.openjdk.java.net/browse/JDK-8131051 and can be worked around by configuring the principals differently.
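
A pre-flight check for the condition described above, as an added example that is not part of this PR or the project's code: it reports principals that cannot issue renewable tickets while krb5.conf asks for them. It assumes an MIT Kerberos KDC and the `Principal:` / `Maximum renewable life:` lines printed by `kadmin.local -q "getprinc <name>"`; the realm, principal names and sample text are constructed.

```python
import re

# Constructed sample inputs for illustration; not taken from the PR.
KRB5_CONF = """\
[libdefaults]
    default_realm = EXAMPLE.COM
    renew_lifetime = 7d
"""
# Trimmed to the fields of `kadmin.local -q "getprinc <name>"` that matter here.
GETPRINC_OUTPUT = """\
Principal: krbtgt/EXAMPLE.COM@EXAMPLE.COM
Maximum renewable life: 7 days 00:00:00
Principal: hive/hadoop-master@EXAMPLE.COM
Maximum renewable life: 0 days 00:00:00
"""
_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}


def requested_renew_seconds(krb5_conf):
    """renew_lifetime from krb5.conf in seconds; 0 if unset (h:m:s form not handled)."""
    m = re.search(r"^\s*renew_lifetime\s*=\s*(\S+)", krb5_conf, re.M)
    if not m:
        return 0
    value = m.group(1).lower()
    if value.isdigit():  # a bare number is seconds
        return int(value)
    return sum(int(n) * _UNITS[u] for n, u in re.findall(r"(\d+)([smhd])", value))


def non_renewable_principals(getprinc_output):
    """Principals whose 'Maximum renewable life' is zero."""
    flagged, current = [], None
    for line in getprinc_output.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "Principal":
            current = value.strip()
        elif key.strip() == "Maximum renewable life":
            m = re.match(r"\s*(\d+) days? (\d+):(\d+):(\d+)", value)
            if m and not any(int(g) for g in m.groups()):
                flagged.append(current)
    return flagged


def renewable_mismatches(krb5_conf, getprinc_output):
    """Principals the KDC cannot issue renewable tickets for although clients ask."""
    if requested_renew_seconds(krb5_conf) == 0:
        return []
    return non_renewable_principals(getprinc_output)
```

Principals reported here are the ones to adjust on the KDC, for example with kadmin's `modprinc -maxrenewlife`. On an MIT KDC the krbtgt principal and the realm's `max_renewable_life` in kdc.conf cap the renewable lifetime as well.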

@nineinchnick nineinchnick left a comment

Can you rebase and also add these changes in the new hdp3.1-hive-kerberized-2 image?

Review threads (outdated, resolved):

- archived/cdh5.15-hive-kerberized-kms/Dockerfile
- testing/cdh5.12-hive-kerberized/Dockerfile
- testing/hdp3.1-hive-kerberized/Dockerfile

@hashhar hashhar force-pushed the hashhar/kerberos-renweable branch 2 times, most recently from 3e7ed34 to 5ebf902 on September 7, 2023 06:22

In next commit we'll archive the cdh5.12 images which have same names as
the existing archived images.

Without this change if the krb5.conf is configured to issue renewable
tickets by adding a non-zero `renew_lifetime` entry the JDK runs into
errors like

    RuntimeException: LoginException: Message stream modified (41)

This is related to the JDK bug
https://bugs.openjdk.java.net/browse/JDK-8131051 and can be worked
around by configuring the principals differently.

wendigo commented Sep 7, 2023

Thanks for archiving old images - less to build and release

@@ -10,57 +10,23 @@
# See the License for the specific language governing permissions and
# limitations under the License.

FROM testing/centos6-oj8:unlabelled
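
Review bot: on the `FROM testing/centos6-oj8:unlabelled` line, the base image is referenced by a floating tag, so the build picks up whatever image currently carries `unlabelled` and two builds of this Dockerfile can differ. If this file is being kept as a reference for rebuilding, record the base image revision or digest it was last built against in a comment above `FROM`.
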
Member

I think we should just delete these. They're archived in the git commit history. IIUC, the contents of the archived dir are a reference for the images we can only rebuild using previous versions, where original repositories are no longer available. If we remove them, we don't need the references either.

Member Author

I don't think that's exactly the case. Any image we are no longer using went to archived. See, for example, dns and phoenix4 and all the centos-based images.

Member Author

I do agree that we could just delete instead of keeping the archived folder around but I consider that to be out of scope for this PR.

Member

There's no point in keeping unused images there, that's what git is for.

Member Author

I'll submit a follow-up PR.

@hashhar hashhar merged commit c104b3b into trinodb:master Sep 7, 2023
16 checks passed
@hashhar hashhar deleted the hashhar/kerberos-renweable branch September 7, 2023 10:14