You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "chendihao (JIRA)" <ji...@apache.org> on 2019/02/19 11:44:00 UTC
[jira] [Updated] (HADOOP-16122) Re-login from keytab for multiple
Hadoop users not works
[ https://issues.apache.org/jira/browse/HADOOP-16122?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
chendihao updated HADOOP-16122:
-------------------------------
Summary: Re-login from keytab for multiple Hadoop users not works (was: Re-login from keytab for multiple Hadoop users without using global static UGI users)
> Re-login from keytab for multiple Hadoop users not works
> --------------------------------------------------------
>
> Key: HADOOP-16122
> URL: https://issues.apache.org/jira/browse/HADOOP-16122
> Project: Hadoop Common
> Issue Type: Bug
> Components: auth
> Reporter: chendihao
> Priority: Major
>
> In our scenario, we have a service to allow multiple users to access HDFS with their keytab. The users have different Hadoop user and permission to access the HDFS files. The service will run with multi-threads and create one independent UGI object for each user and use the UGI to create Hadoop FileSystem object to read/write HDFS.
>
> Since we have multiple Hadoop users in the same process, we have to use `loginUserFromKeytabAndReturnUGI` instead of `loginUserFromKeytab`. The `loginUserFromKeytabAndReturnUGI` will not do the re-login automatically. Then we have to call `checkTGTAndReloginFromKeytab` or `reloginFromKeytab` before the kerberos ticket expires.
>
> The issue is that `reloginFromKeytab` will re-login with the wrong users instead of the one from the expected UGI object.
>
> Because of this issue, we can only support multiple Hadoop users to login with their own keytabs but not re-login when the tickets expire.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org