-
Type:
Sub-task
-
Status: Closed
-
Priority:
Blocker
-
Resolution: Fixed
-
Affects Version/s: 0.23.0, 2.0.0-alpha, 3.0.0-alpha1
-
Fix Version/s: 0.23.7, 2.1.0-beta
-
Component/s: webhdfs
-
Labels:None
-
Target Version/s:
Webhdfs doesn't ever send the DoAsParam in the REST calls for proxy users. Proxy users on a non-secure cluster "work" because the server sees them as the effective user, not a proxy user, which effectively bypasses the proxy authorization checks. On secure clusters, it doesn't work at all in part due to wrong ugi being used for the connection (HDFS-3367), but then it fails because the effective user tries to use a non-proxy token for the real user.
- depends upon
-
HADOOP-9352 Expose UGI.setLoginUser for tests
-
- Closed
-
- is required by
-
HDFS-3367 WebHDFS doesn't use the logged in user when opening connections
-
- Resolved
-
- relates to
-
HDFS-4560 Webhdfs cannot use tokens obtained by another user
-
- Closed
-