[HADOOP-9317] User cannot specify a kerberos keytab for commands - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Critical
Resolution: Unresolved
Affects Version/s: 0.23.0, 2.0.0-alpha, 3.0.0-alpha1
Fix Version/s: None
Component/s: security
Labels:
None

Description

UserGroupInformation only allows kerberos users to be logged in via the ticket cache when running hadoop commands. UGI allows a keytab to be used, but it's only exposed programatically. This forces keytab-based users running hadoop commands to periodically issue a kinit from the keytab. A race condition exists during the kinit when the ticket cache is deleted and re-created. Hadoop commands will fail when the ticket cache does not momentarily exist.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HADOOP-9317.branch-23.patch
19/Feb/13 16:10
10 kB
Daryn Sharp
HADOOP-9317.patch
19/Feb/13 16:10
9 kB
Daryn Sharp
HADOOP-9317.patch
19/Feb/13 16:58
10 kB
Daryn Sharp
HADOOP-9317.branch-23.patch
19/Feb/13 17:54
10 kB
Daryn Sharp
HADOOP-9317.patch
19/Feb/13 17:54
10 kB
Daryn Sharp
HADOOP-9317.patch
21/May/13 21:05
10 kB
Robert Parker

Activity

People

Assignee:: Daryn Sharp

Reporter:: Daryn Sharp

Votes:: 0 Vote for this issue

Watchers:: 16 Start watching this issue

Dates

Created:: 19/Feb/13 15:50

Updated:: 05/Jun/16 05:49