You are viewing a plain text version of this content. The canonical link for it is here.

Posted to hdfs-issues@hadoop.apache.org by "Ayush Saxena (Jira)" <ji...@apache.org> on 2022/09/09 07:19:00 UTC

[jira] [Resolved] (HDFS-16756) RBF proxies the client's user by the login user to enable CacheEntry

     [ https://issues.apache.org/jira/browse/HDFS-16756?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ayush Saxena resolved HDFS-16756.
---------------------------------
    Fix Version/s: 3.4.0
     Hadoop Flags: Reviewed
       Resolution: Fixed

> RBF proxies the client's user by the login user to enable CacheEntry
> --------------------------------------------------------------------
>
>                 Key: HDFS-16756
>                 URL: https://issues.apache.org/jira/browse/HDFS-16756
>             Project: Hadoop HDFS
>          Issue Type: Bug
>            Reporter: ZanderXu
>            Assignee: ZanderXu
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 3.4.0
>
>
> RBF just proxies the client's user by the login user for Kerberos authentication. If the cluster uses the SIMPLE authentication method, the RBF will not proxies the client's user by the login user, the downstream namespace will not use the real clientIp, clientPort, clientId and callId even if the namenode configured dfs.namenode.ip-proxy-users.
>  
> And the related code as bellow:
> {code:java}
> UserGroupInformation connUGI = ugi;
> if (UserGroupInformation.isSecurityEnabled()) {
>   UserGroupInformation routerUser = UserGroupInformation.getLoginUser();
>   connUGI = UserGroupInformation.createProxyUser(
>       ugi.getUserName(), routerUser);
> } {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-help@hadoop.apache.org