[HADOOP-11176] KMSClientProvider authentication fails when both currentUgi and loginUgi are a proxied user - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.6.0
Component/s: None
Labels:
- encryption

Target Version/s:

2.6.0
Hadoop Flags:

Reviewed

Description

In a secure environment, with kerberos, when the KMSClientProvider instance is created in the context of a proxied user, The initial SPNEGO handshake is made with the currentUser (the proxied user) as the Principal.. this will fail, since the proxied user is not logged in.
The handshake must be done using the real user.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HADOOP-11176.3.patch
10/Oct/14 03:21
11 kB
Arun Suresh
HADOOP-11176.2.patch
08/Oct/14 18:16
8 kB
Arun Suresh
HADOOP-11176.1.patch
08/Oct/14 16:06
9 kB
Arun Suresh

Activity

People

Assignee:: Arun Suresh

Reporter:: Arun Suresh

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 08/Oct/14 16:01

Updated:: 01/Dec/14 03:09

Resolved:: 14/Oct/14 01:15