hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Owen O'Malley (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-3553) Hftp proxy tokens are broken
Date Tue, 03 Jul 2012 22:20:35 GMT

    [ https://issues.apache.org/jira/browse/HDFS-3553?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13406114#comment-13406114

Owen O'Malley commented on HDFS-3553:

The patch looks generally good, but I have a few comments:

1. I don't think you can assume that the process has Kerberos tickets for the real user that
was pull out of the ugi. I'd be happier if you were using the UserGroupInformation.getLoginUser.
2. I prefer the original structure of JspHelper.getUGI that first splits on security enable
and then on whether there is a token. It doesn't seem like a good idea to merge the non-token
secure and insecure cases. In particular, in the secure case I don't see where you are pulling
the user from the connection.
3. Shouldn't you be able to have a proxy user with real user from the connection and ?ugi=
for the effective user? I don't think that is allowed by your patch.
> Hftp proxy tokens are broken
> ----------------------------
>                 Key: HDFS-3553
>                 URL: https://issues.apache.org/jira/browse/HDFS-3553
>             Project: Hadoop HDFS
>          Issue Type: Bug
>    Affects Versions: 1.0.2, 2.0.0-alpha, 3.0.0
>            Reporter: Daryn Sharp
>            Assignee: Daryn Sharp
>            Priority: Blocker
>         Attachments: HDFS-3553-1.branch-1.0.patch, HDFS-3553.branch-1.0.patch
> Proxy tokens are broken for hftp.  The impact is systems using proxy tokens, such as
oozie jobs, cannot use hftp.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


View raw message