accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Josh Elser (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (ACCUMULO-3568) getDiskUsage server implementation recreates Connector from user credentials
Date Wed, 11 Feb 2015 03:26:11 GMT

     [ https://issues.apache.org/jira/browse/ACCUMULO-3568?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Josh Elser updated ACCUMULO-3568:
---------------------------------
    Component/s:     (was: shell)
                 tserver

> getDiskUsage server implementation recreates Connector from user credentials
> ----------------------------------------------------------------------------
>
>                 Key: ACCUMULO-3568
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-3568
>             Project: Accumulo
>          Issue Type: Bug
>          Components: tserver
>         Environment: kerberos
>            Reporter: Josh Elser
>            Assignee: Josh Elser
>            Priority: Critical
>             Fix For: 1.7.0
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> The server-side impl for {{TableOperationsImpl.getDiskUsage}} pulls the credentials from
the RPC and makes a {{Connector}} from them instead of using its own credentials. With Kerberos
enabled, this results in the server "accumulo/hostname@REALM" trying to act as "user@REALM"
which (correctly) fails.
> The getDiskUsage implementation should use its own Connector (using the SystemToken from
the ServerContext), perform the correct security checks for permissions and act on behalf
of the user instead of trying to *be* the user.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message