hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Devaraj Das (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-9227) RESTServer should handle the loginUser correctly
Date Thu, 15 Aug 2013 02:16:48 GMT

    [ https://issues.apache.org/jira/browse/HBASE-9227?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13740589#comment-13740589
] 

Devaraj Das commented on HBASE-9227:
------------------------------------

The problem is that in the RESTServer code, we call loginUserFromKeytabAndReturnUGI. This
doesn't set the loginUser in the UGI. Thereafter, when the getCurrentUser would be called
(which at some point would be called in the RPC client), it would try to login, but the keytabFile
wouldn't be set and it the login will be as a regular user (non-keytab). This will work if
someone had done a kinit outside the process prior to the first RPC invocation from the REST
server. But this is not what we want.. [Note that the keytabFile would be set only when loginUserFromKeytab
is called.]
                
> RESTServer should handle the loginUser correctly
> ------------------------------------------------
>
>                 Key: HBASE-9227
>                 URL: https://issues.apache.org/jira/browse/HBASE-9227
>             Project: HBase
>          Issue Type: Bug
>    Affects Versions: 0.95.0
>            Reporter: Devaraj Das
>            Assignee: Devaraj Das
>            Priority: Blocker
>             Fix For: 0.95.2
>
>         Attachments: 9227-1.txt
>
>
> HBASE-8662 introduced a change by which the realUser in the method RESTServer.main()
gets assigned to the loginUser only when the config hbase.rest.authentication.type is set
to something (like "kerberos").
> I think we should set the realUser to loginUser even when the config hbase.rest.authentication.type
is null. Without that the regular (non-impersonated) accesses also fail.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message