hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-9284) Authentication method is wrong if no TGT is present
Date Fri, 26 Apr 2013 19:24:17 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-9284?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13643160#comment-13643160
] 

Daryn Sharp commented on HADOOP-9284:
-------------------------------------

If kerberos is enabled on the client, but there's no TGT, it doesn't/shouldn't throw an exception.
 This allows a "secure" client to work in a heterogenous security environment.  However, the
client still tries to do kerberos which forces the server to tell the client to switch to
SIMPLE.  With this change, it immediately tries SIMPLE.

It also addresses the problem of trying to debug problems when a user log has entries claiming
the user is KERBEROS, when it's really not.

My memory is sketchy, but I was having terrible problems writing a matrix of tests for SIMPLE/PLAIN/KERBEROS/TOKEN
client & server interactions.  When the client had security enabled for kerberos, but
no TGT, I was getting many exceptions even trying to test against an insecure server.

                
> Authentication method is wrong if no TGT is present
> ---------------------------------------------------
>
>                 Key: HADOOP-9284
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9284
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: security
>    Affects Versions: 2.0.0-alpha, 3.0.0
>            Reporter: Daryn Sharp
>            Assignee: Daryn Sharp
>         Attachments: HADOOP-9284.patch, HADOOP-9284.patch
>
>
> If security is enabled, {{UGI.getLoginUser()}} will attempt an os-specific login followed
by looking for a TGT in the ticket cache.  If no TGT is found, the UGI's authentication method
is still set as KERBEROS instead of SIMPLE.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message