kdiag | standalone kdiag kerberos diagnostics

by steveloughran Java Version: release-1.0 License: Apache-2.0

X-Ray Key Features Code Snippets(3)Community Discussions(1)Vulnerabilities Install Support

kandi X-RAY | kdiag Summary

kdiag is a Java library typically used in Big Data, Spark, Hadoop applications. kdiag has no bugs, it has no vulnerabilities, it has build file available, it has a Permissive License and it has low support. You can download it from GitHub.

standalone kdiag "kerberos diagnostics for Hadoop", for use on Hadoop 2.6+

Support

Quality

Security

License

Reuse

Support

kdiag has a low active ecosystem.

It has 8 star(s) with 0 fork(s). There are 2 watchers for this library.

It had no major release in the last 12 months.

kdiag has no issues reported. There are no pull requests.

It has a neutral sentiment in the developer community.

The latest version of kdiag is release-1.0

Quality

kdiag has 0 bugs and 0 code smells.

Security

kdiag has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.

kdiag code analysis shows 0 unresolved vulnerabilities.

There are 0 security hotspots that need review.

License

kdiag is licensed under the Apache-2.0 License. This license is Permissive.

Permissive licenses have the least restrictions, and you can use them in most projects.

Reuse

kdiag releases are available to install and integrate.

Build file is available. You can build the component from source.

Installation instructions are not available. Examples and code snippets are available.

Top functions reviewed by kandi - BETA

kandi has reviewed kdiag and discovered the below as its top functions. This is intended to give you an instant insight into kdiag implemented functionality, and help decide if they suit your requirements.

Entry point for the command line tool
Executes diagnostics
Log user from a keytab
Dump a UGI
Entry point
Main entry point
Prints a line of output
Print a new line
Flush output stream
Flush the output channels

Get all kandi verified functions for this library.

kdiag Key Features

No Key Features are available at this moment for kdiag.

kdiag Examples and Code Snippets

Usage

Java

Lines of Code : 18

License : Permissive (Apache-2.0)

Copy

KDiag: Diagnose Kerberos Problems
  [-D key=value] : Define a configuration option.
  [--jaas] : Require a JAAS file to be defined in java.security.auth.login.config.
  [--keylen ] : Require a minimum size for encryption keys supported by the JVM. De

default

Java

Lines of Code : 11

License : Permissive (Apache-2.0)

Copy

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

 http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law o

Example

Java

Lines of Code : 5

License : Permissive (Apache-2.0)

Copy

hdfs org.apache.hadoop.security.KDiag \
  --nofail \
  --resource hbase-default.xml --resource hbase-site.xml \
  --keylen 1024 \
  --keytab zk.service.keytab --principal zookeeper/devix.example.org@REALM

Community Discussions

Trending Discussions on kdiag

Kerberized Hadoop Login failure for user ... LoginException: Checksum failed

QUESTION

Kerberized Hadoop Login failure for user ... LoginException: Checksum failed

Asked 2020-Mar-03 at 00:11

Environment:

Hadoop 2.9.2
Kerberos 5 release 1.15.1
RHEL 7

Error

Exception in Hadoop datanode log that prevents startup.

The log entry is:

...

ANSWER

Answered 2020-Mar-03 at 00:11

Option 1

Remove renew_lifetime from krb5.conf

According to this

Option 2

Ensure renew_lifetime, ticket_lifetime and max_renewable_life are set.

Example working config

Source https://stackoverflow.com/questions/60498358

Community Discussions, Code Snippets contain sources that include Stack Exchange Network

Vulnerabilities

No vulnerabilities reported

Install kdiag

You can download it from GitHub.
You can use kdiag like any standard Java library. Please include the the jar files in your classpath. You can also use any IDE and you can run and debug the kdiag component as you would do with any other Java program. Best practice is to use a build tool that supports dependency management such as Maven or Gradle. For Maven installation, please refer maven.apache.org. For Gradle installation, please refer gradle.org .

Support

Apache Hadoop 2.8 added tool to aid validating setup: KDiag; this is a standalone version for use on Hadoop 2.6+. KDiag contains a series of probes for the JVM's configuration and the environment, dumps out some system files (/etc/krb5.conf, /etc/ntp.conf), prints out some system state and then attempts to log in to Kerberos as the current user, or a specific principal in a named keytab. The output of the command can be used for local diagnostics, or forwarded to whoever supports the cluster. The KDiag command has its own entry point; it is currently not hooked up to the end-user CLI. It is invoked simply by passing its full classname to one of the bin/hadoop, bin/hdfs or bin/yarn commands. Accordingly, it will display the kerberos client state of the command used to invoke it. The command returns a status code of 0 for a successful diagnostics run. This does not imply that Kerberos is working —merely that the KDiag command did not identify any problem from its limited set of probes. In particular, as it does not attempt to connect to any remote service, it does not verify that the client is trusted by any service. If unsuccessful, exit codes are.

Find more information at: