Details
-
Improvement
-
Status: Resolved
-
Major
-
Resolution: Won't Fix
-
None
-
None
-
None
Description
Fixing a bunch of tests, I've found that the following is hard to work around:
KerberosToken.java
public KerberosToken() throws IOException { this(UserGroupInformation.getCurrentUser().getUserName()); }
It makes the client API harder to manage because you have to be logged in as the user you intend to be acting as. So, things like creating a new user "user" as a different user "root" is non-intuitive.
Server-side, I know there is at least one place that we construct a KerberosToken which only works because the server is already logged in (but it's just used as a place holder and not as a substitute for some other user's credentials).
I think we want to remove the check (make it an empty constructor), but I'm not sure what other checks would be desired/necessary to the constructors that accept arguments.