Details
-
Type:
Sub-task
-
Status: Closed
-
Priority:
Blocker
-
Resolution: Fixed
-
Affects Version/s: 0.23.0, 2.0.0-alpha, 3.0.0
-
Fix Version/s: 3.0.0, 0.23.7, 2.1.0-beta
-
Component/s: webhdfs
-
Labels:None
-
Target Version/s:
Description
Webhdfs doesn't ever send the DoAsParam in the REST calls for proxy users. Proxy users on a non-secure cluster "work" because the server sees them as the effective user, not a proxy user, which effectively bypasses the proxy authorization checks. On secure clusters, it doesn't work at all in part due to wrong ugi being used for the connection (HDFS-3367), but then it fails because the effective user tries to use a non-proxy token for the real user.
Issue Links
- depends upon
-
HADOOP-9352
Expose UGI.setLoginUser for tests
-
- Closed
-
- is required by
-
HDFS-3367
WebHDFS doesn't use the logged in user when opening connections
-
- Resolved
-
- relates to
-
HDFS-4560
Webhdfs cannot use tokens obtained by another user
-
- Closed
-
Activity
| Attachment | HDFS-4542.patch [ 12571649 ] |
| Status | Open [ 1 ] | Patch Available [ 10002 ] |
| Link |
This issue depends on |
| Attachment | HDFS-4542.patch [ 12571886 ] |
| Attachment | HDFS-4542.branch-23.patch [ 12571889 ] |
| Attachment |
|
| Attachment | HDFS-4542.patch [ 12571896 ] |
| Status | Patch Available [ 10002 ] | Resolved [ 5 ] |
| Fix Version/s | 3.0.0 [ 12320356 ] | |
| Fix Version/s | 0.23.7 [ 12323955 ] | |
| Fix Version/s | 2.0.4-beta [ 12324031 ] | |
| Resolution | Fixed [ 1 ] |
| Parent | HDFS-4576 [ 12636032 ] | |
| Issue Type | Bug [ 1 ] | Sub-task [ 7 ] |
| Link |
This issue depends on |
| Link |
This issue depends upon |
| Status | Resolved [ 5 ] | Closed [ 6 ] |