Return-Path: Delivered-To: apmail-hadoop-common-issues-archive@minotaur.apache.org Received: (qmail 81043 invoked from network); 20 Feb 2010 20:34:49 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 20 Feb 2010 20:34:49 -0000 Received: (qmail 23182 invoked by uid 500); 20 Feb 2010 20:34:49 -0000 Delivered-To: apmail-hadoop-common-issues-archive@hadoop.apache.org Received: (qmail 23132 invoked by uid 500); 20 Feb 2010 20:34:49 -0000 Mailing-List: contact common-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: common-issues@hadoop.apache.org Delivered-To: mailing list common-issues@hadoop.apache.org Received: (qmail 23122 invoked by uid 99); 20 Feb 2010 20:34:49 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 20 Feb 2010 20:34:49 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.140] (HELO brutus.apache.org) (140.211.11.140) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 20 Feb 2010 20:34:48 +0000 Received: from brutus.apache.org (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id EF76329A0019 for ; Sat, 20 Feb 2010 12:34:27 -0800 (PST) Message-ID: <1485324488.414421266698067979.JavaMail.jira@brutus.apache.org> Date: Sat, 20 Feb 2010 20:34:27 +0000 (UTC) From: "Hudson (JIRA)" To: common-issues@hadoop.apache.org Subject: [jira] Commented: (HADOOP-6545) Cached FileSystem objects can lead to wrong token being used in setting up connections In-Reply-To: <165334453.117301265616932420.JavaMail.jira@brutus.apache.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HADOOP-6545?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12836257#action_12836257 ] Hudson commented on HADOOP-6545: -------------------------------- Integrated in Hadoop-Common-trunk-Commit #179 (See [http://hudson.zones.apache.org/hudson/job/Hadoop-Common-trunk-Commit/179/]) . Changes the Key for the FileSystem cache to be UGI. Contributed by Devaraj Das. > Cached FileSystem objects can lead to wrong token being used in setting up connections > -------------------------------------------------------------------------------------- > > Key: HADOOP-6545 > URL: https://issues.apache.org/jira/browse/HADOOP-6545 > Project: Hadoop Common > Issue Type: Bug > Components: security > Affects Versions: 0.22.0 > Reporter: Devaraj Das > Assignee: Devaraj Das > Fix For: 0.22.0 > > Attachments: 6545-1.patch, 6545-2.patch, 6545-bp20.patch > > > The FileSystem class caches the filesystem objects that it creates for users. For some cases, e.g., if the filesystem object is actually a DistributedFileSystem, it also has an associated RPC client and hence an UGI for the respective user. This could lead to issues to do with using the right credentials when connecting with the namenode. The credentials in the UGI is never updated (even if the user in question now has new credentials) and in case the cached UGI's credentials have expired, this would lead to authentication error whenever there is a re-authentication (in the process of re-establishing connection to the namenode). -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.