hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ranadip (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HADOOP-11479) hdfs crypto -createZone fails to impersonate the real user in a kerberised environment
Date Thu, 15 Jan 2015 13:00:37 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-11479?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Ranadip updated HADOOP-11479:
-----------------------------
    Attachment: KMS-test-acl.txt

> hdfs crypto -createZone fails to impersonate the real user in a kerberised environment
> --------------------------------------------------------------------------------------
>
>                 Key: HADOOP-11479
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11479
>             Project: Hadoop Common
>          Issue Type: Bug
>    Affects Versions: 2.6.0
>         Environment: CentOS
>            Reporter: Ranadip
>         Attachments: KMS-test-acl.txt
>
>
> The problem occurs when KMS key level acl is created for the key before the encryption
zone is created. The command tried to create the encryption zone using "hdfs" user's identity
and not the real user's identity.
> Steps:
> In a kerberised environment:
> 1. Create key level ACL in KMS for a new key.
> 2. Create encryption key now. (Goes through fine)
> 3. Create encryption zone. (Fails)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message