Uploaded image for project: 'Hadoop HDFS'
  1. Hadoop HDFS
  2. HDFS-14434

webhdfs that connect secure hdfs should not use user.name parameter

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.1.2
    • Fix Version/s: 3.3.0, 3.1.4, 3.2.2
    • Component/s: webhdfs
    • Labels:
      None

      Description

      I have two secure hadoop cluster.  Both cluster use cross-realm authentication. 
      user_a@A.COM can access to HDFS of B.COM realm
      by the way, hadoop username of user_a@A.COM  in B.COM realm is  cross_realm_a_com_user_a.
      hdfs dfs command of user_a@A.COM using B.COM webhdfs failed.
      root cause is  webhdfs that connect secure hdfs use user.name parameter.
      according to webhdfs spec,  insecure webhdfs use user.name,  secure webhdfs use SPNEGO for authentication.

      I think webhdfs that connect secure hdfs  should not use user.name parameter.
      I will attach patch.

      below is error log
       

      $ hdfs dfs -ls  webhdfs://b.com:50070/
      ls: Usernames not matched: name=user_a != expected=cross_realm_a_com_user_a
       
      # user.name in cross realm webhdfs
      $ curl -u : --negotiate 'http://b.com:50070/webhdfs/v1/?op=GETDELEGATIONTOKEN&user.name=user_a' 
      {"RemoteException":{"exception":"SecurityException","javaClassName":"java.lang.SecurityException","message":"Failed to obtain user group information: java.io.IOException: Usernames not matched: name=user_a != expected=cross_realm_a_com_user_a"}}
      
      # USE SPNEGO
      $ curl -u : --negotiate 'http://b.com:50070/webhdfs/v1/?op=GETDELEGATIONTOKEN'
      {"Token"{"urlString":"XgA....."}}
       
      

       

       

       

       

       

        Attachments

        1. HDFS-14434.008.patch
          31 kB
          KWON BYUNGCHANG
        2. HDFS-14434.007.patch
          30 kB
          KWON BYUNGCHANG
        3. HDFS-14434.006.patch
          30 kB
          KWON BYUNGCHANG
        4. HDFS-14434.005.patch
          30 kB
          KWON BYUNGCHANG
        5. HDFS-14434.004.patch
          28 kB
          KWON BYUNGCHANG
        6. HDFS-14434.003.patch
          28 kB
          KWON BYUNGCHANG
        7. HDFS-14434.002.patch
          17 kB
          KWON BYUNGCHANG
        8. HDFS-14434.001.patch
          9 kB
          KWON BYUNGCHANG

          Activity

            People

            • Assignee:
              magnum KWON BYUNGCHANG
              Reporter:
              magnum KWON BYUNGCHANG
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: