accumulo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From James Srinivasan <>
Subject Re: ClientConfiguration using Kerberos & MapReduce
Date Sat, 20 May 2017 19:33:10 GMT
>> Delegation tokens are serialized into the Job's "credentials" section and
>> distributed securely that way.
> Ah, that's my problem. Will probably have to update the GeoMesa code
> to wok with Jobs rather than Configurations, so that the Credentials
> aren't lost.

Hmm, not so easy it seems. My callstack which triggers the exception
when the credentials are missing from the Job is this:

  at org.apache.accumulo.core.client.mapreduce.lib.impl.ConfiguratorBase.unwrapAuthenticationToken(
  at org.apache.accumulo.core.client.mapreduce.AbstractInputFormat.validateOptions(
  at org.apache.accumulo.core.client.mapreduce.AbstractInputFormat.getSplits(
  at org.apache.spark.rdd.NewHadoopRDD.getPartitions(NewHadoopRDD.scala:121)

Now org.apache.spark.rdd.NewHadoopRDD.getPartitions does this:

  val jobContext = new JobContextImpl(_conf, jobId)

So doesn't seem to support tokens (Jobs) being supplied, just Configurations.

I can't call AccumuloInputFormat.setConnectorInfo again since it has
already been called, and I presume adding the serialised token to the
Configuration would be insecure?

Yours in puzzlement,


View raw message