[
https://issues.apache.org/jira/browse/HADOOP-9852?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13776109#comment-13776109
]
Kai Zheng commented on HADOOP-9852:
-----------------------------------
Could I have some comments on this?
I understand to make the static keytab and principal not static any more the
patch wraps them in the loginConf and then keeps the loginConf in the private
credentials of the UGI's user object. How about keeping the loginConf in the
UGI object directly as HADOOP-9797 does similarly? In HADOOP-9797, UGI keeps
the HadoopLogin object, which contains the needed login configuration, and only
for Kerberos keytab login configuration, it saves the keytab and principal
variables. I understand HADOOP-9797 can't serve here since it's too large,
though.
One minor, since it adds getLoginConfiguration(), would be better to have
setLoginConfiguration(), instead of changing the existing to have
setLogin(LoginContext login, HadoopConfiguration loginConf).
> UGI login user keytab and principal should not be static
> --------------------------------------------------------
>
> Key: HADOOP-9852
> URL: https://issues.apache.org/jira/browse/HADOOP-9852
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: security
> Affects Versions: 2.0.0-alpha, 3.0.0
> Reporter: Daryn Sharp
> Assignee: Daryn Sharp
> Attachments: HADOOP-9852.patch
>
>
> The static keytab and principal for the login user is problematic. The login
> conf explicitly references these statics. As a result,
> loginUserFromKeytabAndReturnUGI is unnecessarily synch'ed on the class to
> swap out the login user's keytab and principal, login, then restore the
> keytab/principal. This method's synch blocks further de-synching of other
> methods.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
