Uploaded image for project: 'Apache Ozone'
  1. Apache Ozone
  2. HDDS-8718

Kerberos authentication not working for GrpcOmTransport

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Critical
    • Resolution: Fixed
    • 1.4.0
    • 1.4.0
    • OM, S3

    Description

      In current implementation of GrpcOmTransport we do not passing information about Kerberos token between client and server. That's lead to broken GetSecret and RevokeSecret commands if we are switching to GrpcOmTransport. 

      Right now ozone cli forced to use Hadoop3OmTransport so issues do not manifests itself at the moment. But implementation of HDDS-8050 currently blocked by this bug. 

      To reproduce it one can simply need to change 

      org.apache.hadoop.ozone.om.protocolPB.Hadoop3OmTransportFactory

       to 

      org.apache.hadoop.ozone.om.protocolPB.GrpcOmTransport

       in 

      hadoop-ozone/tools/src/main/resources/META-INF/services/org.apache.hadoop.ozone.om.protocolPB.OmTransportFactory

       . And execute following commands: 

      ozone s3 getsecret
ozone s3 revokesecret

      Attachments

        Issue Links

          blocks

          Sub-task - The sub-task of the issue HDDS-8050 Create HTTP endpoint to access S3 secret via Kerberos auth

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link GitHub Pull Request #4843

          Activity

            People

              izlenko Ivan Zlenko
              izlenko Ivan Zlenko
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: