hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hudson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-4542) Webhdfs doesn't support secure proxy users
Date Wed, 06 Mar 2013 10:48:15 GMT

    [ https://issues.apache.org/jira/browse/HDFS-4542?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13594595#comment-13594595

Hudson commented on HDFS-4542:

Integrated in Hadoop-Yarn-trunk #147 (See [https://builds.apache.org/job/Hadoop-Yarn-trunk/147/])
    HDFS-4542. Webhdfs doesn't support secure proxy users. Contributed by Daryn Sharp. (Revision

     Result = SUCCESS
kihwal : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1452978
Files : 
* /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
* /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/web/WebHdfsFileSystem.java
* /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/web/TestWebHdfsUrl.java

> Webhdfs doesn't support secure proxy users
> ------------------------------------------
>                 Key: HDFS-4542
>                 URL: https://issues.apache.org/jira/browse/HDFS-4542
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: webhdfs
>    Affects Versions: 0.23.0, 2.0.0-alpha, 3.0.0
>            Reporter: Daryn Sharp
>            Assignee: Daryn Sharp
>            Priority: Blocker
>             Fix For: 3.0.0, 0.23.7, 2.0.4-beta
>         Attachments: HDFS-4542.branch-23.patch, HDFS-4542.patch, HDFS-4542.patch
> Webhdfs doesn't ever send the {{DoAsParam}} in the REST calls for proxy users.  Proxy
users on a non-secure cluster "work" because the server sees them as the effective user, not
a proxy user, which effectively bypasses the proxy authorization checks.  On secure clusters,
it doesn't work at all in part due to wrong ugi being used for the connection (HDFS-3367),
but then it fails because the effective user tries to use a non-proxy token for the real user.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

View raw message