You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@phoenix.apache.org by st...@apache.org on 2021/02/25 09:31:16 UTC
[phoenix-omid] branch master updated: OMID-200 Omid client cannot
use kerberos cache when using proxyUser
This is an automated email from the ASF dual-hosted git repository.
stoty pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/phoenix-omid.git
The following commit(s) were added to refs/heads/master by this push:
new f634467 OMID-200 Omid client cannot use kerberos cache when using proxyUser
f634467 is described below
commit f6344671f488b85f18d71e4c6592e1bd08a9fa99
Author: Istvan Toth <st...@apache.org>
AuthorDate: Thu Feb 25 09:18:42 2021 +0100
OMID-200 Omid client cannot use kerberos cache when using proxyUser
---
.../main/java/org/apache/omid/tools/hbase/HBaseLogin.java | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/hbase-common/src/main/java/org/apache/omid/tools/hbase/HBaseLogin.java b/hbase-common/src/main/java/org/apache/omid/tools/hbase/HBaseLogin.java
index 3e5d197..8f3e695 100644
--- a/hbase-common/src/main/java/org/apache/omid/tools/hbase/HBaseLogin.java
+++ b/hbase-common/src/main/java/org/apache/omid/tools/hbase/HBaseLogin.java
@@ -46,17 +46,18 @@ public final class HBaseLogin {
if (UserGroupInformation.isSecurityEnabled()) {
// Check if we need to authenticate with kerberos so that we cache the correct ConnectionInfo
UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
- if (credsProvided
- && (!currentUser.hasKerberosCredentials()
- || !isSameName(currentUser.getUserName(), config.getPrincipal()))) {
+ boolean hasKerberosCreds = currentUser.hasKerberosCredentials()
+ || (currentUser.getRealUser() != null
+ && currentUser.getRealUser().hasKerberosCredentials());
+ if (credsProvided && (!hasKerberosCreds
+ || !isSameName(currentUser.getUserName(), config.getPrincipal()))) {
synchronized (KERBEROS_LOGIN_LOCK) {
// Double check the current user, might have changed since we checked last. Don't want
// to re-login if it's the same user.
currentUser = UserGroupInformation.getCurrentUser();
- if (!currentUser.hasKerberosCredentials() || !isSameName(currentUser.getUserName(), config.getPrincipal())) {
+ if (!hasKerberosCreds || !isSameName(currentUser.getUserName(), config.getPrincipal())) {
final Configuration hbaseConfig = getConfiguration(hbaseConf, config.getPrincipal(), config.getKeytab());
- LOG.info("Trying to connect to a secure cluster as {} " +
- "with keytab {}",
+ LOG.info("Trying to connect to a secure cluster as {} with keytab {}",
hbaseConfig.get(SecureHBaseConfig.HBASE_CLIENT_PRINCIPAL_KEY),
hbaseConfig.get(SecureHBaseConfig.HBASE_CLIENT_KEYTAB_KEY));
UserGroupInformation.setConfiguration(hbaseConfig);
@@ -65,7 +66,7 @@ public final class HBaseLogin {
}
}
} else {
- if (currentUser.hasKerberosCredentials()) {
+ if (hasKerberosCreds) {
// The user already has Kerberos creds, so there isn't anything to change in the ConnectionInfo.
LOG.debug("Already logged in as {}", currentUser);
} else {