Partha Pratim Ghosh created HADOOP-13328:
--------------------------------------------
Summary: Hadoop security not getting wrapped in JAAS
Key: HADOOP-13328
URL: https://issues.apache.org/jira/browse/HADOOP-13328
Project: Hadoop Common
Issue Type: Bug
Reporter: Partha Pratim Ghosh
I have a requirement where I need to call two hadoop instances (through
separate spark contexts) from same J2EE application. These 2 instances shall
open with separate kerberos principal and keytabs to be decided while creating
the instances.
The issue I am getting is that even when I wrap the call in a JAAS
Subject.doAsPrivileged after login with principal and keytab the underlying
Hadoop call is picking up the System's kerberos cache instead of the provided
principal and keytab, resulting in authentication failure.
I probed further and found that seems there is a method called
shouldAuthenticateOverKrb() in org.apache.hadoop.ipc.Client where it is
failing. Further checking revealed that UserGroupInformation.getLoginUser()
inside the above mentioned method creates a new Subject and picks up the cache
from system (UserGroupInformation$HadoopConfiguration). I need that to be the
principal and keytab that I am passing from a JAAS wrapper.
Please provide a solution as to how this can be done best.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
