You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-dev@hadoop.apache.org by "Partha Pratim Ghosh (JIRA)" <ji...@apache.org> on 2016/06/29 12:57:37 UTC
[jira] [Created] (HADOOP-13328) Hadoop security not getting wrapped
in JAAS
Partha Pratim Ghosh created HADOOP-13328:
--------------------------------------------
Summary: Hadoop security not getting wrapped in JAAS
Key: HADOOP-13328
URL: https://issues.apache.org/jira/browse/HADOOP-13328
Project: Hadoop Common
Issue Type: Bug
Reporter: Partha Pratim Ghosh
I have a requirement where I need to call two hadoop instances (through separate spark contexts) from same J2EE application. These 2 instances shall open with separate kerberos principal and keytabs to be decided while creating the instances.
The issue I am getting is that even when I wrap the call in a JAAS Subject.doAsPrivileged after login with principal and keytab the underlying Hadoop call is picking up the System's kerberos cache instead of the provided principal and keytab, resulting in authentication failure.
I probed further and found that seems there is a method called shouldAuthenticateOverKrb() in org.apache.hadoop.ipc.Client where it is failing. Further checking revealed that UserGroupInformation.getLoginUser() inside the above mentioned method creates a new Subject and picks up the cache from system (UserGroupInformation$HadoopConfiguration). I need that to be the principal and keytab that I am passing from a JAAS wrapper.
Please provide a solution as to how this can be done best.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-dev-help@hadoop.apache.org