hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vihang Karajgaonkar (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HADOOP-15068) cancelToken and renewToken should use shortUserName consistently
Date Thu, 23 Nov 2017 04:31:00 GMT
Vihang Karajgaonkar created HADOOP-15068:
--------------------------------------------

             Summary: cancelToken and renewToken should use shortUserName consistently
                 Key: HADOOP-15068
                 URL: https://issues.apache.org/jira/browse/HADOOP-15068
             Project: Hadoop Common
          Issue Type: Improvement
          Components: common
    Affects Versions: 2.8.2
            Reporter: Vihang Karajgaonkar


 {{AbstractDelegationTokenSecretManager}} is used by many external projects including Hive.
This class provides implementations of renewToken and cancelToken which are used for the delegation
token management. The methods are semantically inconsistent. Specifically, when you call cancelToken,
the string value of the canceller is used to get the Kerberos shortname and then compared
with the renewer value of the token to be cancelled. While in case of renewToken, the string
value which is passed in is used directly to compare with the renewer value of the token.

This inconsistency means that applications need to know about this subtle difference and pass
in the shortname while renewing the token, while it can pass the full kerberos username during
cancellation. Can we change the renewToken method such that it uses the shortName similar
to the cancelToken method?



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-dev-help@hadoop.apache.org


Mime
View raw message