hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kihwal Lee (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-9284) Authentication method is wrong if no TGT is present
Date Fri, 26 Apr 2013 18:18:16 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-9284?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13643094#comment-13643094
] 

Kihwal Lee commented on HADOOP-9284:
------------------------------------

Rather than changing the auth method, isn't the login() supposed to fail and throw an exception?
Since USER_KERBEROS_LOGIN is optional, login() won't throw a LoginException though. Is it
for allowing security-enabled clients to work in non-secure run-time? E.g. no tgt on client
side and servers with no security. If that is the design, this patch is acceptable.  

I just want to add that falling back to insecure mode is a bad idea especially when security
degradation against the configured setting is not properly noted to users. This behavior may
be needed in certain cases so supporting it is okay, but shouldn't be a default one.
                
> Authentication method is wrong if no TGT is present
> ---------------------------------------------------
>
>                 Key: HADOOP-9284
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9284
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: security
>    Affects Versions: 2.0.0-alpha, 3.0.0
>            Reporter: Daryn Sharp
>            Assignee: Daryn Sharp
>         Attachments: HADOOP-9284.patch, HADOOP-9284.patch
>
>
> If security is enabled, {{UGI.getLoginUser()}} will attempt an os-specific login followed
by looking for a TGT in the ticket cache.  If no TGT is found, the UGI's authentication method
is still set as KERBEROS instead of SIMPLE.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message