You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by "Yi Liu (JIRA)" <ji...@apache.org> on 2015/01/15 13:18:35 UTC

[jira] [Commented] (HADOOP-11479) hdfs crypto -createZone fails to impersonate the real user in a kerberised environment

    [ https://issues.apache.org/jira/browse/HADOOP-11479?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14278621#comment-14278621 ] 

Yi Liu commented on HADOOP-11479:
---------------------------------

[~ranadip], can you paste the failure msg?  
Only super user is allowed to create an encryption zone. What key level ACL you have configured?

> hdfs crypto -createZone fails to impersonate the real user in a kerberised environment
> --------------------------------------------------------------------------------------
>
>                 Key: HADOOP-11479
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11479
>             Project: Hadoop Common
>          Issue Type: Bug
>    Affects Versions: 2.6.0
>         Environment: CentOS
>            Reporter: Ranadip
>
> The problem occurs when KMS key level acl is created for the key before the encryption zone is created. The command tried to create the encryption zone using "hdfs" user's identity and not the real user's identity.
> Steps:
> In a kerberised environment:
> 1. Create key level ACL in KMS for a new key.
> 2. Create encryption key now. (Goes through fine)
> 3. Create encryption zone. (Fails)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)