You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-dev@hadoop.apache.org by "chendihao (JIRA)" <ji...@apache.org> on 2019/02/19 11:33:00 UTC
[jira] [Created] (HADOOP-16122) Re-login for multiple Hadoop users
without updating global static UGI attributes
chendihao created HADOOP-16122:
----------------------------------
Summary: Re-login for multiple Hadoop users without updating global static UGI attributes
Key: HADOOP-16122
URL: https://issues.apache.org/jira/browse/HADOOP-16122
Project: Hadoop Common
Issue Type: Bug
Components: auth
Reporter: chendihao
In our scenario, we have a service to allow multiple users to access HDFS with their keytab. The users have different Hadoop user and permission to access the HDFS files. The service will run with multi-threads and create one independent UGI object for each user and use the UGI to create Hadoop FileSystem object to read/write HDFS.
Since we have multiple Hadoop users in the same process, we have to use `loginUserFromKeytabAndReturnUGI` instead of `loginUserFromKeytab`. The `loginUserFromKeytabAndReturnUGI` will not do the re-login automatically. Then we have to call `checkTGTAndReloginFromKeytab` or `reloginFromKeytab` before the kerberos ticket expires.
The issue is that `reloginFromKeytab` will use the static User and static Subject objects to check the authentication and re-login. In fact, we want to re-login with the current User and Subject instead of the global static one.
Because of this issue, we can only support multiple Hadoop users to login with their own keytabs but not re-login when the tickets expire.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-dev-help@hadoop.apache.org