Return-Path: 
 <notifications-return-27518-apmail-accumulo-notifications-archive=accumulo.apache.org@accumulo.apache.org>
X-Original-To: apmail-accumulo-notifications-archive@minotaur.apache.org
Delivered-To: apmail-accumulo-notifications-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 6EFF41082D
	for <apmail-accumulo-notifications-archive@minotaur.apache.org>;
 Wed, 11 Feb 2015 03:27:15 +0000 (UTC)
Received: (qmail 83971 invoked by uid 500); 11 Feb 2015 03:27:12 -0000
Delivered-To: apmail-accumulo-notifications-archive@accumulo.apache.org
Received: (qmail 83898 invoked by uid 500); 11 Feb 2015 03:27:12 -0000
Mailing-List: contact notifications-help@accumulo.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:notifications-help@accumulo.apache.org>
List-Unsubscribe: <mailto:notifications-unsubscribe@accumulo.apache.org>
List-Post: <mailto:notifications@accumulo.apache.org>
List-Id: <notifications.accumulo.apache.org>
Reply-To: jira@apache.org
Delivered-To: mailing list notifications@accumulo.apache.org
Received: (qmail 83877 invoked by uid 99); 11 Feb 2015 03:27:12 -0000
Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 11 Feb 2015 03:27:12 +0000
Date: Wed, 11 Feb 2015 03:27:11 +0000 (UTC)
From: "Josh Elser (JIRA)" <jira@apache.org>
To: notifications@accumulo.apache.org
Message-ID: <JIRA.12773091.1423250312000.9490.1423625231661@Atlassian.JIRA>
In-Reply-To: <JIRA.12773091.1423250312000@Atlassian.JIRA>
References: <JIRA.12773091.1423250312000@Atlassian.JIRA>
 <JIRA.12773091.1423250312054@arcas>
Subject: [jira] [Resolved] (ACCUMULO-3568) getDiskUsage server
 implementation recreates Connector from user credentials
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394


     [ https://issues.apache.org/jira/browse/ACCUMULO-3568?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Josh Elser resolved ACCUMULO-3568.
----------------------------------
    Resolution: Fixed

> getDiskUsage server implementation recreates Connector from user credentials
> ----------------------------------------------------------------------------
>
>                 Key: ACCUMULO-3568
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-3568
>             Project: Accumulo
>          Issue Type: Bug
>          Components: tserver
>         Environment: kerberos
>            Reporter: Josh Elser
>            Assignee: Josh Elser
>            Priority: Critical
>             Fix For: 1.7.0
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> The server-side impl for {{TableOperationsImpl.getDiskUsage}} pulls the credentials from the RPC and makes a {{Connector}} from them instead of using its own credentials. With Kerberos enabled, this results in the server "accumulo/hostname@REALM" trying to act as "user@REALM" which (correctly) fails.
> The getDiskUsage implementation should use its own Connector (using the SystemToken from the ServerContext), perform the correct security checks for permissions and act on behalf of the user instead of trying to *be* the user.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)