Uploaded image for project: 'Spark'
  1. Spark
  2. SPARK-34497

JDBC connection provider is not removing kerberos credentials from JVM security context

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.2, 3.1.1, 3.2.0
    • Fix Version/s: 3.1.2
    • Component/s: SQL
    • Labels:
      None

      Description

      Some of the built-in JDBC connection providers are changing the JVM security context to do the authentication which is fine. The problematic part is that executors can be reused by another query. The following situation leads to incorrect behaviour:

      • Query1 opens JDBC connection and changes JVM security context in Executor1
      • Query2 tries to open JDBC connection but it realizes there is already an entry for that DB type in Executor1
      • Query2 is not changing JVM security context and uses Query1 keytab and principal
      • Query2 fails with authentication error

        Attachments

          Activity

            People

            • Assignee:
              gsomogyi Gabor Somogyi
              Reporter:
              gsomogyi Gabor Somogyi
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: