You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-dev@hadoop.apache.org by "Partha Pratim Ghosh (JIRA)" <ji...@apache.org> on 2016/06/29 12:57:37 UTC

[jira] [Created] (HADOOP-13328) Hadoop security not getting wrapped in JAAS

Partha Pratim Ghosh created HADOOP-13328:
--------------------------------------------

             Summary: Hadoop security not getting wrapped in JAAS
                 Key: HADOOP-13328
                 URL: https://issues.apache.org/jira/browse/HADOOP-13328
             Project: Hadoop Common
          Issue Type: Bug
            Reporter: Partha Pratim Ghosh


I have a requirement where I need to call two hadoop instances (through separate spark contexts) from same J2EE application. These 2 instances shall open with separate kerberos principal and keytabs to be decided while creating the instances.

The issue I am getting is that even when I wrap the call in a JAAS Subject.doAsPrivileged after login with principal and keytab the underlying Hadoop call is picking up the System's kerberos cache instead of the provided principal and keytab, resulting in authentication failure.

I probed further and found that seems there is a method called shouldAuthenticateOverKrb() in org.apache.hadoop.ipc.Client where it is failing. Further checking revealed that UserGroupInformation.getLoginUser() inside the above mentioned method creates a new Subject and picks up the cache from system (UserGroupInformation$HadoopConfiguration). I need that to be the principal and keytab that I am passing from a JAAS wrapper.

Please provide a solution as to how this can be done best.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-dev-help@hadoop.apache.org