KDiag (Apache Hadoop Common 3.4.1.300-dep-1001 API)

java.lang.Object
- org.apache.hadoop.conf.Configured
- - org.apache.hadoop.security.KDiag

All Implemented Interfaces:

java.io.Closeable, java.lang.AutoCloseable, Configurable, Tool
```
public class KDiag
extends Configured
implements Tool, java.io.Closeable
```
Kerberos diagnostics This operation expands some of the diagnostic output of the security code, but not all. For completeness Set the environment variable HADOOP_JAAS_DEBUG=true Set the log level for org.apache.hadoop.security=DEBUG

Nested Class Summary

Nested Classes
Modifier and Type Class Description

static class KDiag.KerberosDiagsFailure
Diagnostics failures return the exit code 41, "unauthorized".

Nested Classes
Modifier and Type	Class	Description
`static class`	`KDiag.KerberosDiagsFailure`	Diagnostics failures return the exit code 41, "unauthorized".

Field Summary

Fields
Modifier and Type	Field	Description
`static java.lang.String`	`ARG_JAAS`
`static java.lang.String`	`ARG_KEYLEN`
`static java.lang.String`	`ARG_KEYTAB`
`static java.lang.String`	`ARG_NOFAIL`
`static java.lang.String`	`ARG_NOLOGIN`
`static java.lang.String`	`ARG_OUTPUT`
`static java.lang.String`	`ARG_PRINCIPAL`
`static java.lang.String`	`ARG_RESOURCE`
`static java.lang.String`	`ARG_SECURE`
`static java.lang.String`	`ARG_VERIFYSHORTNAME`
`static java.lang.String`	`CAT_CONFIG`
`static java.lang.String`	`CAT_JAAS`
`static java.lang.String`	`CAT_JVM`
`static java.lang.String`	`CAT_KERBEROS`
`static java.lang.String`	`CAT_LOGIN`
`static java.lang.String`	`CAT_OS`
`static java.lang.String`	`CAT_SASL`
`static java.lang.String`	`CAT_TOKEN`
`static java.lang.String`	`CAT_UGI`
`static java.lang.String`	`DFS_DATA_TRANSFER_PROTECTION`
`static java.lang.String`	`DFS_DATA_TRANSFER_SASLPROPERTIES_RESOLVER_CLASS`
`static java.lang.String`	`ETC_KRB5_CONF`
`static java.lang.String`	`ETC_NTP`
`static java.lang.String`	`HADOOP_AUTHENTICATION_IS_DISABLED`
`static java.lang.String`	`HADOOP_JAAS_DEBUG`
`static java.lang.String`	`JAVA_SECURITY_KRB5_CONF`
`static java.lang.String`	`JAVA_SECURITY_KRB5_KDC_ADDRESS`
`static java.lang.String`	`JAVA_SECURITY_KRB5_REALM`
`static int`	`KDIAG_FAILURE`	The exit code for a failure of the diagnostics: 41 == HTTP 401 == unauth.
`static java.lang.String`	`KERBEROS_KINIT_COMMAND`
`static java.lang.String`	`KRB5_CCNAME`	Location of the kerberos ticket cache as passed down via an environment variable.
`static java.lang.String`	`KRB5_CONFIG`	Location of main kerberos configuration file as passed down via an environment variable.
`static java.lang.String`	`NO_DEFAULT_REALM`	String seen in `getDefaultRealm()` exceptions if the user has no realm: "Cannot locate default realm".
`static java.lang.String`	`SUN_SECURITY_JAAS_FILE`
`static java.lang.String`	`SUN_SECURITY_KRB5_DEBUG`
`static java.lang.String`	`SUN_SECURITY_SPNEGO_DEBUG`
`static java.lang.String`	`UNSET`

Constructor Summary

Constructors
Constructor	Description
`KDiag()`
`KDiag(Configuration conf, java.io.PrintWriter out, java.io.File keytab, java.lang.String principal, long minKeyLength, boolean securityRequired)`

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`void`	`close()`
`void`	`dumpTokens(UserGroupInformation ugi)`	Dump all tokens of a UGI.
`static int`	`exec(Configuration conf, java.lang.String... argv)`	Inner entry point, with no logging or system exits.
`boolean`	`execute()`	Execute diagnostics.
`protected boolean`	`isSimpleAuthentication(Configuration conf)`	Is the authentication method of this configuration "simple"?
`static void`	`main(java.lang.String[] argv)`	Main entry point.
`protected void`	`printDefaultRealm()`	Get the default realm.
`int`	`run(java.lang.String[] argv)`	Execute the command with the given arguments.
`protected void`	`validateKeyLength()`	Fail fast on a JVM without JCE installed.
`protected void`	`validateShortName()`	Verify whether auth_to_local rules transform a principal name

Methods inherited from class org.apache.hadoop.conf.Configured
getConf, setConf

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.hadoop.conf.Configurable
getConf, setConf

- Field Detail
  - KRB5_CCNAME
```
public static final java.lang.String KRB5_CCNAME
```
    Location of the kerberos ticket cache as passed down via an environment variable. This is what kinit will use by default: "KRB5CCNAME"
    
    See Also:
    
    Constant Field Values
  - KRB5_CONFIG
```
public static final java.lang.String KRB5_CONFIG
```
    Location of main kerberos configuration file as passed down via an environment variable.
    
    See Also:
    
    Constant Field Values
  - JAVA_SECURITY_KRB5_CONF
```
public static final java.lang.String JAVA_SECURITY_KRB5_CONF
```
    See Also:
    
    Constant Field Values
  - JAVA_SECURITY_KRB5_REALM
```
public static final java.lang.String JAVA_SECURITY_KRB5_REALM
```
    See Also:
    
    Constant Field Values
  - JAVA_SECURITY_KRB5_KDC_ADDRESS
```
public static final java.lang.String JAVA_SECURITY_KRB5_KDC_ADDRESS
```
    See Also:
    
    Constant Field Values
  - SUN_SECURITY_KRB5_DEBUG
```
public static final java.lang.String SUN_SECURITY_KRB5_DEBUG
```
    See Also:
    
    Constant Field Values
  - SUN_SECURITY_SPNEGO_DEBUG
```
public static final java.lang.String SUN_SECURITY_SPNEGO_DEBUG
```
    See Also:
    
    Constant Field Values
  - SUN_SECURITY_JAAS_FILE
```
public static final java.lang.String SUN_SECURITY_JAAS_FILE
```
    See Also:
    
    Constant Field Values
  - KERBEROS_KINIT_COMMAND
```
public static final java.lang.String KERBEROS_KINIT_COMMAND
```
    See Also:
    
    Constant Field Values
  - HADOOP_AUTHENTICATION_IS_DISABLED
```
public static final java.lang.String HADOOP_AUTHENTICATION_IS_DISABLED
```
    See Also:
    
    Constant Field Values
  - UNSET
```
public static final java.lang.String UNSET
```
    See Also:
    
    Constant Field Values
  - NO_DEFAULT_REALM
```
public static final java.lang.String NO_DEFAULT_REALM
```
    String seen in getDefaultRealm() exceptions if the user has no realm: "Cannot locate default realm".
    
    See Also:
    
    Constant Field Values
  - KDIAG_FAILURE
```
public static final int KDIAG_FAILURE
```
    The exit code for a failure of the diagnostics: 41 == HTTP 401 == unauth.
    
    See Also:
    
    Constant Field Values
  - DFS_DATA_TRANSFER_SASLPROPERTIES_RESOLVER_CLASS
```
public static final java.lang.String DFS_DATA_TRANSFER_SASLPROPERTIES_RESOLVER_CLASS
```
    See Also:
    
    Constant Field Values
  - DFS_DATA_TRANSFER_PROTECTION
```
public static final java.lang.String DFS_DATA_TRANSFER_PROTECTION
```
    See Also:
    
    Constant Field Values
  - ETC_KRB5_CONF
```
public static final java.lang.String ETC_KRB5_CONF
```
    See Also:
    
    Constant Field Values
  - ETC_NTP
```
public static final java.lang.String ETC_NTP
```
    See Also:
    
    Constant Field Values
  - HADOOP_JAAS_DEBUG
```
public static final java.lang.String HADOOP_JAAS_DEBUG
```
    See Also:
    
    Constant Field Values
  - CAT_CONFIG
```
public static final java.lang.String CAT_CONFIG
```
    See Also:
    
    Constant Field Values
  - CAT_JAAS
```
public static final java.lang.String CAT_JAAS
```
    See Also:
    
    Constant Field Values
  - CAT_JVM
```
public static final java.lang.String CAT_JVM
```
    See Also:
    
    Constant Field Values
  - CAT_KERBEROS
```
public static final java.lang.String CAT_KERBEROS
```
    See Also:
    
    Constant Field Values
  - CAT_LOGIN
```
public static final java.lang.String CAT_LOGIN
```
    See Also:
    
    Constant Field Values
  - CAT_OS
```
public static final java.lang.String CAT_OS
```
    See Also:
    
    Constant Field Values
  - CAT_SASL
```
public static final java.lang.String CAT_SASL
```
    See Also:
    
    Constant Field Values
  - CAT_UGI
```
public static final java.lang.String CAT_UGI
```
    See Also:
    
    Constant Field Values
  - CAT_TOKEN
```
public static final java.lang.String CAT_TOKEN
```
    See Also:
    
    Constant Field Values
  - ARG_KEYLEN
```
public static final java.lang.String ARG_KEYLEN
```
    See Also:
    
    Constant Field Values
  - ARG_KEYTAB
```
public static final java.lang.String ARG_KEYTAB
```
    See Also:
    
    Constant Field Values
  - ARG_JAAS
```
public static final java.lang.String ARG_JAAS
```
    See Also:
    
    Constant Field Values
  - ARG_NOFAIL
```
public static final java.lang.String ARG_NOFAIL
```
    See Also:
    
    Constant Field Values
  - ARG_NOLOGIN
```
public static final java.lang.String ARG_NOLOGIN
```
    See Also:
    
    Constant Field Values
  - ARG_OUTPUT
```
public static final java.lang.String ARG_OUTPUT
```
    See Also:
    
    Constant Field Values
  - ARG_PRINCIPAL
```
public static final java.lang.String ARG_PRINCIPAL
```
    See Also:
    
    Constant Field Values
  - ARG_RESOURCE
```
public static final java.lang.String ARG_RESOURCE
```
    See Also:
    
    Constant Field Values
  - ARG_SECURE
```
public static final java.lang.String ARG_SECURE
```
    See Also:
    
    Constant Field Values
  - ARG_VERIFYSHORTNAME
```
public static final java.lang.String ARG_VERIFYSHORTNAME
```
    See Also:
    
    Constant Field Values
- Constructor Detail
  - KDiag
```
public KDiag(Configuration conf,
             java.io.PrintWriter out,
             java.io.File keytab,
             java.lang.String principal,
             long minKeyLength,
             boolean securityRequired)
```
  - KDiag
```
public KDiag()
```
- Method Detail
  - close
```
public void close()
           throws java.io.IOException
```
    Specified by:
    
    close in interface java.lang.AutoCloseable
    
    Specified by:
    
    close in interface java.io.Closeable
    
    Throws:
    
    java.io.IOException
  - run
```
public int run(java.lang.String[] argv)
        throws java.lang.Exception
```
    Description copied from interface: Tool
    
    Execute the command with the given arguments.
    
    Specified by:
    
    run in interface Tool
    
    Parameters:
    
    argv - command specific arguments.
    
    Returns:
    
    exit code.
    
    Throws:
    
    java.lang.Exception - command exception.
  - execute
```
public boolean execute()
                throws java.lang.Exception
```
    Execute diagnostics.
    Things it would be nice if UGI made accessible
    1. A way to enable JAAS debug programatically
    2. Access to the TGT
    Returns:
    
    true if security was enabled and all probes were successful
    
    Throws:
    
    KDiag.KerberosDiagsFailure - explicitly raised failure
    
    java.lang.Exception - other security problems
  - isSimpleAuthentication
```
protected boolean isSimpleAuthentication(Configuration conf)
```
    Is the authentication method of this configuration "simple"?
    
    Parameters:
    
    conf - configuration to check
    
    Returns:
    
    true if auth is simple (i.e. not kerberos)
  - validateKeyLength
```
protected void validateKeyLength()
                          throws java.security.NoSuchAlgorithmException
```
    Fail fast on a JVM without JCE installed. This is a recurrent problem (that is: it keeps creeping back with JVM updates); a fast failure is the best tactic.
    
    Throws:
    
    java.security.NoSuchAlgorithmException - when a particular cryptographic algorithm is requested but is not available in the environment.
  - validateShortName
```
protected void validateShortName()
```
    Verify whether auth_to_local rules transform a principal name
    Having a local user name "bar@foo.com" may be harmless, so it is noted at info. However if what was intended is a transformation to "bar" it can be difficult to debug, hence this check.
  - printDefaultRealm
```
protected void printDefaultRealm()
```
    Get the default realm.
    Not having a default realm may be harmless, so is noted at info. All other invocation failures are downgraded to warn, as follow-on actions may still work. Failure to invoke the method via introspection is considered a failure, as it's a sign of JVM compatibility issues that may have other consequences
  - dumpTokens
```
public void dumpTokens(UserGroupInformation ugi)
```
    Dump all tokens of a UGI.
    
    Parameters:
    
    ugi - UGI to examine
  - exec
```
public static int exec(Configuration conf,
                       java.lang.String... argv)
                throws java.lang.Exception
```
    Inner entry point, with no logging or system exits.
    
    Parameters:
    
    conf - configuration
    
    argv - argument list
    
    Returns:
    
    an exception
    
    Throws:
    
    java.lang.Exception - Exception.
  - main
```
public static void main(java.lang.String[] argv)
```
    Main entry point.
    
    Parameters:
    
    argv - args list

Class KDiag

Nested Class Summary

Field Summary

Constructor Summary

Method Summary

Methods inherited from class org.apache.hadoop.conf.Configured

Methods inherited from class java.lang.Object

Methods inherited from interface org.apache.hadoop.conf.Configurable

Field Detail

KRB5_CCNAME

KRB5_CONFIG

JAVA_SECURITY_KRB5_CONF

JAVA_SECURITY_KRB5_REALM

JAVA_SECURITY_KRB5_KDC_ADDRESS

SUN_SECURITY_KRB5_DEBUG

SUN_SECURITY_SPNEGO_DEBUG

SUN_SECURITY_JAAS_FILE

KERBEROS_KINIT_COMMAND

HADOOP_AUTHENTICATION_IS_DISABLED

UNSET

NO_DEFAULT_REALM

KDIAG_FAILURE

DFS_DATA_TRANSFER_SASLPROPERTIES_RESOLVER_CLASS

DFS_DATA_TRANSFER_PROTECTION

ETC_KRB5_CONF

ETC_NTP

HADOOP_JAAS_DEBUG

CAT_CONFIG

CAT_JAAS

CAT_JVM

CAT_KERBEROS

CAT_LOGIN

CAT_OS

CAT_SASL

CAT_UGI

CAT_TOKEN

ARG_KEYLEN

ARG_KEYTAB

ARG_JAAS

ARG_NOFAIL

ARG_NOLOGIN

ARG_OUTPUT

ARG_PRINCIPAL

ARG_RESOURCE

ARG_SECURE

ARG_VERIFYSHORTNAME

Constructor Detail

KDiag

KDiag

Method Detail

close

run

execute

isSimpleAuthentication

validateKeyLength

validateShortName

printDefaultRealm

dumpTokens

exec

main