Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-14351

Azure: RemoteWasbAuthorizerImpl and RemoteSASKeyGeneratorImpl should not use Kerberos interactive user cache

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.9.0
    • Fix Version/s: 2.9.0, 3.0.0-alpha4
    • Component/s: fs/azure
    • Labels:
      None

      Description

      Currently, RemoteWasbAuthorizerImpl.getRelativeBlobSASUri(), RemoteWasbAuthorizerImpl.getContainerSASUri() and RemoteSASKeyGeneratorImpl.authorize() use Kerberos interactive user's ticket cache if the kerberos credential is not available for UserGroupInformation.getCurrentUser() or UserGroupInformation.getRealUser().
      It results in usage of interactive user's ticket for impersonation, whenever services try to do File System operations as another user, which is incorrect.

        Attachments

        1. HADOOP-14351.1.patch
          8 kB
          Santhosh G Nayak
        2. HADOOP-14351.2.patch
          9 kB
          Santhosh G Nayak

          Activity

            People

            • Assignee:
              snayak Santhosh G Nayak
              Reporter:
              snayak Santhosh G Nayak
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: