You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by "Arun Suresh (JIRA)" <ji...@apache.org> on 2014/10/08 18:02:33 UTC

[jira] [Created] (HADOOP-11176) KMSClientProvider authentication fails when when both currentUgi and loginUgi is a proxied user

Arun Suresh created HADOOP-11176:
------------------------------------

             Summary: KMSClientProvider authentication fails when when both currentUgi and loginUgi is a proxied user
                 Key: HADOOP-11176
                 URL: https://issues.apache.org/jira/browse/HADOOP-11176
             Project: Hadoop Common
          Issue Type: Bug
            Reporter: Arun Suresh


In a secure environment, with kerberos, when the KMSClientProvider instance is created in the context of a proxied user, The initial SPNEGO handshake is made with the currentUser (the proxied user) as the Principal.. this will fail, since the proxied user is not logged in.
The handshake must be done using the real user.
 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)