Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-11482

Use correct UGI when KMSClientProvider is called by a proxy user

    XMLWordPrintableJSON

Details

    Description

      Long Living clients of HDFS (For eg. OOZIE) use cached DFSClients which in turn use a cached KMSClientProvider to talk to KMS.

      Before an MR Job is run, the job client calls the DFClient.addDelegationTokens() method which calls addDelegationTokens() on the KMSClientProvider to get any delegation token associated to the user.

      Unfortunately, this call uses a cached DelegationTokenAuthenticationURL.Token instance which can cause the SignerSecretProvider implementation of the AuthenticationFilter at the KMS Server end to fail validation. Which results in the MR job itself failing.

      Attachments

        1. HADOOP-11482.1.patch
          4 kB
          Arun Suresh
        2. HADOOP-11482.2.patch
          4 kB
          Arun Suresh

        Activity

          People

            asuresh Arun Suresh
            asuresh Arun Suresh
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: