You are viewing a plain text version of this content. The canonical link for it is here.
Posted to hdfs-issues@hadoop.apache.org by "ZanderXu (Jira)" <ji...@apache.org> on 2022/09/05 12:49:00 UTC
[jira] [Created] (HDFS-16756) RBF proxies the client's user by the login user to enable CacheEntry
ZanderXu created HDFS-16756:
-------------------------------
Summary: RBF proxies the client's user by the login user to enable CacheEntry
Key: HDFS-16756
URL: https://issues.apache.org/jira/browse/HDFS-16756
Project: Hadoop HDFS
Issue Type: Bug
Reporter: ZanderXu
Assignee: ZanderXu
RBF just proxies the client's user by the login user for Kerberos authentication. If the cluster uses the SIMPLE authentication method, the RBF will not proxies the client's user by the login user, the downstream namespace will not use the real clientIp, clientPort, clientId and callId even if the namenode configured dfs.namenode.ip-proxy-users.
And the related code as bellow:
{code:java}
UserGroupInformation connUGI = ugi;
if (UserGroupInformation.isSecurityEnabled()) {
UserGroupInformation routerUser = UserGroupInformation.getLoginUser();
connUGI = UserGroupInformation.createProxyUser(
ugi.getUserName(), routerUser);
} {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-help@hadoop.apache.org