hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris Nauroth (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-9085) Show renewer information in DelegationTokenIdentifier#toString
Date Thu, 17 Sep 2015 03:03:45 GMT

    [ https://issues.apache.org/jira/browse/HDFS-9085?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14791503#comment-14791503

Chris Nauroth commented on HDFS-9085:

Hello [~zxu].  Thank you for the patch.  This looks helpful.

Unfortunately, there is a small backwards-compatibility concern.  The return value of {{DelegationTokenIdentifier#toString}}
is output to the console by the {{hdfs fetchdt --print}} command.  If an administrator had
written any scripting that relies on parsing that output, then this change could break it.
 I think that prevents us from committing to branch-2, though a commit to trunk would still
be possible.

> Show renewer information in DelegationTokenIdentifier#toString
> --------------------------------------------------------------
>                 Key: HDFS-9085
>                 URL: https://issues.apache.org/jira/browse/HDFS-9085
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>            Reporter: zhihai xu
>            Assignee: zhihai xu
>            Priority: Trivial
>         Attachments: HDFS-9085.001.patch
> Show renewer information in {{DelegationTokenIdentifier#toString}}. Currently 
> {{org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier}} didn't
show the renewer information. It will be very useful to have renewer information to debug
security related issue. Because the renewer will be filtered by "hadoop.security.auth_to_local",
it will be helpful to show the real renewer info after applying the rules.

This message was sent by Atlassian JIRA

View raw message