[HADOOP-14351] Azure: RemoteWasbAuthorizerImpl and RemoteSASKeyGeneratorImpl should not use Kerberos interactive user cache - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.9.0
Fix Version/s: 2.9.0, 3.0.0-alpha4
Component/s: fs/azure
Labels:
None

Target Version/s:

2.9.0, 3.0.0-alpha4
Hadoop Flags:

Reviewed

Description

Currently, RemoteWasbAuthorizerImpl.getRelativeBlobSASUri(), RemoteWasbAuthorizerImpl.getContainerSASUri() and RemoteSASKeyGeneratorImpl.authorize() use Kerberos interactive user's ticket cache if the kerberos credential is not available for UserGroupInformation.getCurrentUser() or UserGroupInformation.getRealUser().
It results in usage of interactive user's ticket for impersonation, whenever services try to do File System operations as another user, which is incorrect.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HADOOP-14351.1.patch
25/Apr/17 16:22
8 kB
Santhosh G Nayak
HADOOP-14351.2.patch
26/Apr/17 11:25
9 kB
Santhosh G Nayak

Activity

People

Assignee:: Santhosh G Nayak

Reporter:: Santhosh G Nayak

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 25/Apr/17 15:53

Updated:: 26/Apr/17 23:53

Resolved:: 26/Apr/17 20:58