Return-Path: Delivered-To: apmail-hadoop-hdfs-issues-archive@minotaur.apache.org Received: (qmail 87631 invoked from network); 3 Mar 2010 05:13:54 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 3 Mar 2010 05:13:54 -0000 Received: (qmail 89066 invoked by uid 500); 3 Mar 2010 05:13:48 -0000 Delivered-To: apmail-hadoop-hdfs-issues-archive@hadoop.apache.org Received: (qmail 88862 invoked by uid 500); 3 Mar 2010 05:13:48 -0000 Mailing-List: contact hdfs-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: hdfs-issues@hadoop.apache.org Delivered-To: mailing list hdfs-issues@hadoop.apache.org Received: (qmail 88833 invoked by uid 99); 3 Mar 2010 05:13:47 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 03 Mar 2010 05:13:47 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.140] (HELO brutus.apache.org) (140.211.11.140) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 03 Mar 2010 05:13:47 +0000 Received: from brutus.apache.org (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 52ABE234C4BB for ; Wed, 3 Mar 2010 05:13:27 +0000 (UTC) Message-ID: <1383376737.24851267593207337.JavaMail.jira@brutus.apache.org> Date: Wed, 3 Mar 2010 05:13:27 +0000 (UTC) From: "Jakob Homan (JIRA)" To: hdfs-issues@hadoop.apache.org Subject: [jira] Created: (HDFS-1018) JspHeler.getUGI assumes user is KerbSSL'ed authed, which may not be true MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 JspHeler.getUGI assumes user is KerbSSL'ed authed, which may not be true ------------------------------------------------------------------------ Key: HDFS-1018 URL: https://issues.apache.org/jira/browse/HDFS-1018 Project: Hadoop HDFS Issue Type: Bug Reporter: Jakob Homan As identified in HDFS-1017, the UGI helper function defaults to Kerberos SSL as the final possible authentication method for an authenticated user. However, this may not be true if another filter is used to authenticate users, which is provided for. We should create another value to signify if users were actually Kerbed auth or done another way. Kerberos auth can be verified by checking for instanceof KerberosPrincipal in the helper. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.