You are viewing a plain text version of this content. The canonical link for it is here.

Posted to hdfs-issues@hadoop.apache.org by "ZanderXu (Jira)" <ji...@apache.org> on 2022/09/05 12:49:00 UTC

[jira] [Created] (HDFS-16756) RBF proxies the client's user by the login user to enable CacheEntry

ZanderXu created HDFS-16756:
-------------------------------

             Summary: RBF proxies the client's user by the login user to enable CacheEntry
                 Key: HDFS-16756
                 URL: https://issues.apache.org/jira/browse/HDFS-16756
             Project: Hadoop HDFS
          Issue Type: Bug
            Reporter: ZanderXu
            Assignee: ZanderXu


RBF just proxies the client's user by the login user for Kerberos authentication. If the cluster uses the SIMPLE authentication method, the RBF will not proxies the client's user by the login user, the downstream namespace will not use the real clientIp, clientPort, clientId and callId even if the namenode configured dfs.namenode.ip-proxy-users.

 

And the related code as bellow:
{code:java}
UserGroupInformation connUGI = ugi;
if (UserGroupInformation.isSecurityEnabled()) {
  UserGroupInformation routerUser = UserGroupInformation.getLoginUser();
  connUGI = UserGroupInformation.createProxyUser(
      ugi.getUserName(), routerUser);
} {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-help@hadoop.apache.org