[ZEPPELIN-2530] Zeppelin user impersonation with domain name suffix is failing - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 0.7.1
Fix Version/s: 0.7.2, 0.8.0
Component/s: None
Labels:
None

Description

Basically what happens is, if a user login using full name with suffix then the user impersonation fails, as the HDFS expects username without the suffix.

This is because the username is passed to underlying components with suffix and got rejected in security layer with IllegalArgumentException

Error in delegation token service logs where the requests are rejected with IllegalArgumentException:

Caused by: java.lang.IllegalArgumentException: Illegal principal name adminuser1@testdomain.com: org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No rules applied to adminuser1@testdomain.com
        at org.apache.hadoop.security.User.<init>(User.java:51)
        at org.apache.hadoop.security.User.<init>(User.java:43)
        at org.apache.hadoop.security.UserGroupInformation.createProxyUser(UserGroupInformation.java:1283)
        at com.sun.jersey.server.impl.inject.InjectableValuesProvider.getInjectableValues(InjectableValuesProvider.java:46)
        ... 42 more

Attachments

Issue Links

links to

GitHub Pull Request #2337

Activity

People

Assignee:: Prabhjyot Singh

Reporter:: Prabhjyot Singh

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 11/May/17 13:10

Updated:: 16/May/17 07:34

Resolved:: 16/May/17 07:34