hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hudson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-4542) Webhdfs doesn't support secure proxy users
Date Wed, 06 Mar 2013 10:48:15 GMT

    [ https://issues.apache.org/jira/browse/HDFS-4542?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13594595#comment-13594595
] 

Hudson commented on HDFS-4542:
------------------------------

Integrated in Hadoop-Yarn-trunk #147 (See [https://builds.apache.org/job/Hadoop-Yarn-trunk/147/])
    HDFS-4542. Webhdfs doesn't support secure proxy users. Contributed by Daryn Sharp. (Revision
1452978)

     Result = SUCCESS
kihwal : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1452978
Files : 
* /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
* /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/web/WebHdfsFileSystem.java
* /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/web/TestWebHdfsUrl.java

                
> Webhdfs doesn't support secure proxy users
> ------------------------------------------
>
>                 Key: HDFS-4542
>                 URL: https://issues.apache.org/jira/browse/HDFS-4542
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: webhdfs
>    Affects Versions: 0.23.0, 2.0.0-alpha, 3.0.0
>            Reporter: Daryn Sharp
>            Assignee: Daryn Sharp
>            Priority: Blocker
>             Fix For: 3.0.0, 0.23.7, 2.0.4-beta
>
>         Attachments: HDFS-4542.branch-23.patch, HDFS-4542.patch, HDFS-4542.patch
>
>
> Webhdfs doesn't ever send the {{DoAsParam}} in the REST calls for proxy users.  Proxy
users on a non-secure cluster "work" because the server sees them as the effective user, not
a proxy user, which effectively bypasses the proxy authorization checks.  On secure clusters,
it doesn't work at all in part due to wrong ugi being used for the connection (HDFS-3367),
but then it fails because the effective user tries to use a non-proxy token for the real user.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message