  1. Hadoop Common
  2. HADOOP-11176

KMSClientProvider authentication fails when both currentUgi and loginUgi are a proxied user

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.6.0
    • Component/s: None
    • Labels:
    • Target Version/s:
    • Hadoop Flags:
      Reviewed

      Description

      In a secure environment, with Kerberos, when the KMSClientProvider instance is created in the context of a proxied user, the initial SPNEGO handshake is made with the currentUser (the proxied user) as the Principal. This will fail, since the proxied user is not logged in.
      The handshake must be done using the real user.
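
The rule stated in the description, as an added Java illustration that is not the code from the attached patches: pick the real user's UGI for the authenticated call and carry the proxied user's name separately. The class name, the helper `authenticatingUgi`, and the user names `svc` and `alice` are hypothetical, and the SPNEGO handshake itself is stood in for by a call that only reports which identity it runs as.

```java
import java.security.PrivilegedExceptionAction;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;

public class RealUserHandshakeExample {

  /** Returns the UGI that can hold Kerberos credentials for the handshake. */
  static UserGroupInformation authenticatingUgi(UserGroupInformation current) {
    // A proxy UGI has no login of its own; only its real user is logged in.
    if (current.getAuthenticationMethod() == AuthenticationMethod.PROXY
        && current.getRealUser() != null) {
      return current.getRealUser();
    }
    return current;
  }

  public static void main(String[] args) throws Exception {
    // Constructed identities: "svc" stands for the logged-in service user,
    // "alice" for the end user it impersonates.
    UserGroupInformation real = UserGroupInformation.createRemoteUser("svc");
    UserGroupInformation proxy = UserGroupInformation.createProxyUser("alice", real);

    String result = proxy.doAs((PrivilegedExceptionAction<String>) () -> {
      UserGroupInformation current = UserGroupInformation.getCurrentUser();
      UserGroupInformation auth = authenticatingUgi(current);

      // The impersonated name must travel with the request some other way
      // (assumption here: as a separate doAs value), because the
      // authenticated identity is now the real user.
      String doAsUser = (auth != current) ? current.getShortUserName() : null;

      // Stand-in for the SPNEGO handshake: run under the real user's context.
      String principal = auth.doAs((PrivilegedExceptionAction<String>) () ->
          UserGroupInformation.getCurrentUser().getShortUserName());

      return "authenticates as=" + principal + ", doAs=" + doAsUser;
    });

    // With the constructed users above: authenticates as=svc, doAs=alice
    System.out.println(result);
  }
}
```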

        Attachments

        1. HADOOP-11176.1.patch
          9 kB
          Arun Suresh
        2. HADOOP-11176.2.patch
          8 kB
          Arun Suresh
        3. HADOOP-11176.3.patch
          11 kB
          Arun Suresh

            People

            • Assignee:
              asuresh Arun Suresh
              Reporter:
              asuresh Arun Suresh