hadoop-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bertrand Dechoux <decho...@gmail.com>
Subject Expected behavior of nested UserGroupInformation
Date Wed, 12 Sep 2012 10:28:46 GMT
Hi,

I am using UserGroupInformation.doAs(...) in order to launch a job
programmatically from a remote application.
I was wondering : what is the expected behavior of nested
UserGroupInformation?

Is it the same as with Jaas? Which is, if I am not mistaken, the last inner
'subject' is used?
If that's the case, UserGroupInformation can not be used to enforce that a
given code will be executed with the provided user, as the action might
nest a inner call with its own user.
That might be a security threat if there is not authentication (like
Kerberos).

Can someone confirm/infirm that?

Regards

Bertrand

Mime
View raw message