hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aaron T. Myers (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-8152) Expand public APIs for security library classes
Date Mon, 09 Apr 2012 20:49:18 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-8152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13250168#comment-13250168
] 

Aaron T. Myers commented on HADOOP-8152:
----------------------------------------

bq. The basic problem is that the UGI code assumes there is only one keytab in play so when
there are two or more, calling reloginFromKeytab (amongst other routines) can have unpredictable
results.

Makes sense. Thanks for the explanation. Would you mind filing a JIRA describing the issue?
Even if you don't intend to work on it, having the problem described will be helpful to facilitate
discussion.

bq. What we've been hypothesizing is changing it such that it requires saying which keytab
you actually want to relogin from... which means there is a good chance that backward compatibility
isn't going to be possible.

Sounds like backward compatibility could perhaps be achieved for the single-keytab case by
retaining the no-arg routines, checking how many keytabs are in play, and throwing an error
if a no-arg routine is called when there's more than one keytab.
                
> Expand public APIs for security library classes
> -----------------------------------------------
>
>                 Key: HADOOP-8152
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8152
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 2.0.0
>            Reporter: Aaron T. Myers
>            Assignee: Aaron T. Myers
>         Attachments: HADOOP-8152.patch, HADOOP-8152.patch
>
>
> Currently projects like Hive and HBase use UserGroupInformation and SecurityUtil methods.
Both of these classes are marked LimitedPrivate(HDFS,MR) but should probably be marked more
generally public.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message