You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@kudu.apache.org by "Todd Lipcon (JIRA)" <ji...@apache.org> on 2018/03/27 03:34:00 UTC

[jira] [Updated] (KUDU-2379) Spark generates a broken authentication credentials PB

     [ https://issues.apache.org/jira/browse/KUDU-2379?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Todd Lipcon updated KUDU-2379:
------------------------------
    Status: In Review  (was: Open)

> Spark generates a broken authentication credentials PB
> ------------------------------------------------------
>
>                 Key: KUDU-2379
>                 URL: https://issues.apache.org/jira/browse/KUDU-2379
>             Project: Kudu
>          Issue Type: Bug
>          Components: java, spark
>    Affects Versions: 1.7.0
>            Reporter: Todd Lipcon
>            Assignee: Todd Lipcon
>            Priority: Blocker
>
> KUDU-2259 introduced a regression which causes Spark to not work properly on secure clusters. The issue is the following:
> - the driver calls exportAuthenticationCredentials()
> -- the client hasn't yet talked to the master, so it doesn't have any credentials yet, despite having a keytab available
> -- the code is as follows:
> {code}
>     byte[] authnData = securityContext.exportAuthenticationCredentials();
>     if (authnData != null) {
>       return Deferred.fromResult(authnData);
>     }
> {code}
> -- previously, authnData would be null in this case, and it would fall through to connect to the cluster and then export a proper token.
> -- with the new implementation, an authnData is returned which is devoid of real credentials but contains a realUser. So, it's non-null, and it gets returned immediately
> - the tasks then get credentials with no tokens and can't connect



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)