Uploaded image for project: 'Accumulo'
  1. Accumulo
  2. ACCUMULO-3568

getDiskUsage server implementation recreates Connector from user credentials

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Critical
    • Resolution: Fixed
    • None
    • 1.7.0
    • tserver
    • None

    • kerberos

    Description

      The server-side impl for TableOperationsImpl.getDiskUsage pulls the credentials from the RPC and makes a Connector from them instead of using its own credentials. With Kerberos enabled, this results in the server "accumulo/hostname@REALM" trying to act as "user@REALM" which (correctly) fails.

      The getDiskUsage implementation should use its own Connector (using the SystemToken from the ServerContext), perform the correct security checks for permissions and act on behalf of the user instead of trying to be the user.

      Attachments

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. ACCUMULO-2815 Kerberos authentication for clients

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              elserj Josh Elser
              elserj Josh Elser
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 10m
                  10m