accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Josh Elser (JIRA)" <j...@apache.org>
Subject [jira] [Created] (ACCUMULO-3620) Consider removing check on UGI-logged-in user in KerberosToken
Date Tue, 24 Feb 2015 17:14:04 GMT
Josh Elser created ACCUMULO-3620:
------------------------------------

             Summary: Consider removing check on UGI-logged-in user in KerberosToken
                 Key: ACCUMULO-3620
                 URL: https://issues.apache.org/jira/browse/ACCUMULO-3620
             Project: Accumulo
          Issue Type: Improvement
          Components: client
            Reporter: Josh Elser
            Assignee: Josh Elser
             Fix For: 1.7.0


Fixing a bunch of tests, I've found that the following is hard to work around:

{code:title=KerberosToken.java}
  public KerberosToken() throws IOException {
    this(UserGroupInformation.getCurrentUser().getUserName());
  }
{code}

It makes the client API harder to manage because you have to be logged in as the user you
intend to be acting as. So, things like creating a new user "user" as a different user "root"
is non-intuitive.

Server-side, I know there is at least one place that we construct a KerberosToken which only
works because the server is already logged in (but it's just used as a place holder and not
as a substitute for some other user's credentials).

I think we want to remove the check (make it an empty constructor), but I'm not sure what
other checks would be desired/necessary to the constructors that accept arguments.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message