Wei-Chiu Chuang commented on HADOOP-13638:

Here's what I did to verify the patch:

Configure a CDH Hadoop cluster using LdapGroupsMapping and KMS. The KMS ACL 
rule denies "group1" from decrypting the key. I added additional log at 
{{Groups#<init>}} to print the class name of the GroupMapping resolution 
object. Subsequently, I started KMS and do a few operations in a HDFS 
encryption zone to observe the class name printed.

> KMS should set UGI's Configuration object properly
> --------------------------------------------------
>                 Key: HADOOP-13638
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13638
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: kms
>            Reporter: Wei-Chiu Chuang
>            Assignee: Wei-Chiu Chuang
>         Attachments: HADOOP-13638.001.patch
> We found that the Configuration object in UGI in KMS server is not 
> initialized properly, therefore it does not load core-site.xml from 
> {{KMSConfiguration.KMS_CONFIG_DIR}}.
> This becomes a problem when the Hadoop cluster uses LdapGroupsMapping for 
> group resolution, because the UGI in KMS falls back to the default 
> JniBasedUnixGroupsMappingWithFallback (defined in core-default.xml) and is 
> thus not consistent with the Hadoop cluster.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

Reply via email to