Vihang Karajgaonkar created HADOOP-15068:
--------------------------------------------
Summary: cancelToken and renewToken should use shortUserName
consistently
Key: HADOOP-15068
URL: https://issues.apache.org/jira/browse/HADOOP-15068
Project: Hadoop Common
Issue Type: Improvement
Components: common
Affects Versions: 2.8.2
Reporter: Vihang Karajgaonkar
{{AbstractDelegationTokenSecretManager}} is used by many external projects
including Hive. This class provides implementations of renewToken and
cancelToken which are used for the delegation token management. The methods are
semantically inconsistent. Specifically, when you call cancelToken, the string
value of the canceller is used to get the Kerberos shortname and then compared
with the renewer value of the token to be cancelled. While in case of
renewToken, the string value which is passed in is used directly to compare
with the renewer value of the token.
This inconsistency means that applications need to know about this subtle
difference and pass in the shortname while renewing the token, while it can
pass the full kerberos username during cancellation. Can we change the
renewToken method such that it uses the shortName similar to the cancelToken
method?
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
