ZanderXu opened a new pull request, #4853:
URL: https://github.com/apache/hadoop/pull/4853
RBF just proxies the client's user by the login user for Kerberos
authentication.
If the cluster uses the SIMPLE authentication method, the RBF will not
proxies the client's user by the login user, the downstream namespace will not
be able to use the real clientIp, clientPort, clientId and callId even if the
namenode configured `dfs.namenode.ip-proxy-users`.
And the related code of RBF as bellow:
```
UserGroupInformation connUGI = ugi;
if (UserGroupInformation.isSecurityEnabled()) {
UserGroupInformation routerUser = UserGroupInformation.getLoginUser();
connUGI = UserGroupInformation.createProxyUser(
ugi.getUserName(), routerUser);
}
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
