Uploaded image for project: 'Spark'
  1. Spark
  2. SPARK-34497

JDBC connection provider is not removing kerberos credentials from JVM security context

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 3.0.2, 3.1.1, 3.2.0
    • 3.1.2
    • SQL
    • None

    Description

      Some of the built-in JDBC connection providers are changing the JVM security context to do the authentication which is fine. The problematic part is that executors can be reused by another query. The following situation leads to incorrect behaviour:

      • Query1 opens JDBC connection and changes JVM security context in Executor1
      • Query2 tries to open JDBC connection but it realizes there is already an entry for that DB type in Executor1
      • Query2 is not changing JVM security context and uses Query1 keytab and principal
      • Query2 fails with authentication error

      Attachments

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            gsomogyi Gabor Somogyi
            gsomogyi Gabor Somogyi
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment