You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Robert Joseph Evans (Updated) (JIRA)" <ji...@apache.org> on 2012/01/28 13:51:10 UTC
[jira] [Updated] (HADOOP-6946) SecurityUtils' TGT fetching does not
fall back to "login" user
[ https://issues.apache.org/jira/browse/HADOOP-6946?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Joseph Evans updated HADOOP-6946:
----------------------------------------
Status: Open (was: Patch Available)
Canceling the patch as the patch is out of date.
> SecurityUtils' TGT fetching does not fall back to "login" user
> --------------------------------------------------------------
>
> Key: HADOOP-6946
> URL: https://issues.apache.org/jira/browse/HADOOP-6946
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 0.22.0
> Reporter: Todd Lipcon
> Assignee: Todd Lipcon
> Attachments: hadoop-6946-20security.txt, hadoop-6946.txt
>
>
> In SecurityUtil.getTgtFromSubject and SecurityUtil.fetchServiceTicket, the current JAAS Subject is fetched directly from the AccessController, rather than using UserGroupInformation.getCurrentUser().getSubject(). This means that if it is not run in the confines of a doAs() block, it will fail since the current JAAS subject is null, even though SecurityUtil.login(...) may have been called.
> In practice, one place this shows up is using the secondary namenode's "-checkpoint force" option in secured 0.20, since it's done inside the main thread with no surrounding doAs().
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira