Uploaded image for project: 'Hadoop HDFS'
  1. Hadoop HDFS
  2. HDFS-16756

RBF proxies the client's user by the login user to enable CacheEntry

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 3.4.0
    • 3.4.0
    • rbf
    • Reviewed

    Description

      RBF just proxies the client's user by the login user for Kerberos authentication. If the cluster uses the SIMPLE authentication method, the RBF will not proxies the client's user by the login user, the downstream namespace will not use the real clientIp, clientPort, clientId and callId even if the namenode configured dfs.namenode.ip-proxy-users.

       

      And the related code as bellow:

      UserGroupInformation connUGI = ugi;
if (UserGroupInformation.isSecurityEnabled()) {
  UserGroupInformation routerUser = UserGroupInformation.getLoginUser();
  connUGI = UserGroupInformation.createProxyUser(
      ugi.getUserName(), routerUser);
}

      Attachments

        Issue Links

          relates to

          Sub-task - The sub-task of the issue HDFS-15079 RBF: Client maybe get an unexpected result with network anomaly

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved

          Sub-task - The sub-task of the issue HDFS-13248 RBF: Namenode need to choose block location for the client

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link GitHub Pull Request #4853

          Activity

            People

              xuzq_zander ZanderXu
              xuzq_zander ZanderXu
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: