Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 9F327200BBB for ; Thu, 10 Nov 2016 09:52:04 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id 9DE1F160B15; Thu, 10 Nov 2016 08:52:04 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id E7607160AF6 for ; Thu, 10 Nov 2016 09:52:03 +0100 (CET) Received: (qmail 86874 invoked by uid 500); 10 Nov 2016 08:52:01 -0000 Mailing-List: contact common-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list common-issues@hadoop.apache.org Received: (qmail 86772 invoked by uid 99); 10 Nov 2016 08:52:01 -0000 Received: from arcas.apache.org (HELO arcas) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 10 Nov 2016 08:52:01 +0000 Received: from arcas.apache.org (localhost [127.0.0.1]) by arcas (Postfix) with ESMTP id 7BDAE2C0059 for ; Thu, 10 Nov 2016 08:52:01 +0000 (UTC) Date: Thu, 10 Nov 2016 08:52:01 +0000 (UTC) From: "Alejandro Abdelnur (JIRA)" To: common-issues@hadoop.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Created] (HADOOP-13805) UGI.getCurrentUser() fails if user does not have a keytab associated MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Thu, 10 Nov 2016 08:52:04 -0000 Alejandro Abdelnur created HADOOP-13805: ------------------------------------------- Summary: UGI.getCurrentUser() fails if user does not have a keytab associated Key: HADOOP-13805 URL: https://issues.apache.org/jira/browse/HADOOP-13805 Project: Hadoop Common Issue Type: Bug Components: security Affects Versions: 2.8.0, 2.9.0, 3.0.0-alpha2 Reporter: Alejandro Abdelnur Priority: Blocker HADOOP-13558 intention was to avoid UGI from trying to renew the TGT when the UGI is created from an existing Subject as in that case the keytab is not 'own' by UGI but by the creator of the Subject. In HADOOP-13558 we introduced a new private UGI constructor {{UserGroupInformation(Subject subject, final boolean externalKeyTab)}} and we use with TRUE only when doing a {{UGI.loginUserFromSubject()}}. The problem is, when we call {{UGI.getCurrentUser()}}, and UGI was created via a Subject (via the {{UGI.loginUserFromSubject()}} method), we call {{new UserGroupInformation(subject)}} which will delegate to {{UserGroupInformation(Subject subject, final boolean externalKeyTab)}} and that will use externalKeyTab == *TRUE*. Then the UGI returned by {{UGI.getCurrentUser()}} will attempt to login using a non-existing keytab if the TGT expired. -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org For additional commands, e-mail: common-issues-help@hadoop.apache.org