You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@phoenix.apache.org by "James Taylor (JIRA)" <ji...@apache.org> on 2016/09/10 20:01:21 UTC

[jira] [Commented] (PHOENIX-3175) Unnecessary UGI proxy user impersonation check

    [ https://issues.apache.org/jira/browse/PHOENIX-3175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15480360#comment-15480360 ] 

James Taylor commented on PHOENIX-3175:
---------------------------------------

Would you have some cycles to check this in, [~elserj]?

> Unnecessary UGI proxy user impersonation check
> ----------------------------------------------
>
>                 Key: PHOENIX-3175
>                 URL: https://issues.apache.org/jira/browse/PHOENIX-3175
>             Project: Phoenix
>          Issue Type: Bug
>            Reporter: Josh Elser
>            Assignee: Josh Elser
>             Fix For: 4.9.0, 4.8.1
>
>         Attachments: PHOENIX-3175.001.patch
>
>
> While looking at some issues reported by [~jpplayer], we found that some of the default Hadoop proxyuser configuration properties in core-site.xml weren't working as intended.
> [~devaraj]'s keen eye noticed that PQS was doing an unnecessary UGI ProxyUser impersonation check.
> We can rely on the SPNEGO authentication as the barrier to use PQS, but then defer to the impersonation check that HBase is already doing as to which PQS instances are allowed to talk to HBase (defined by core-site.xml).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)