You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by "Zhijie Shen (JIRA)" <ji...@apache.org> on 2014/10/21 05:14:34 UTC

[jira] [Updated] (HADOOP-11215) DT management ops in DelegationTokenAuthenticatedURL assume the authenticator is KerberosDelegationTokenAuthenticator

     [ https://issues.apache.org/jira/browse/HADOOP-11215?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Zhijie Shen updated HADOOP-11215:
---------------------------------
    Labels: se  (was: )

> DT management ops in DelegationTokenAuthenticatedURL assume the authenticator is KerberosDelegationTokenAuthenticator
> ---------------------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-11215
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11215
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>            Reporter: Zhijie Shen
>              Labels: se
>
> Here's the code in get/renew/cancel DT:
> {code}
>       return ((KerberosDelegationTokenAuthenticator) getAuthenticator()).
>           renewDelegationToken(url, token, token.delegationToken, doAsUser);
> {code}
> It seems not to be right because PseudoDelegationTokenAuthenticator should work here as well. At least, it is inconsistent in the context of delegation token authentication, as DelegationTokenAuthenticationHandler doesn't require the authentication must be Kerberos. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)