[
https://issues.apache.org/jira/browse/HADOOP-10398?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13940810#comment-13940810
]
Bowen Zhang commented on HADOOP-10398:
--------------------------------------
the user who is killing the job is indeed the user who submitted the job. And
the PseudoAuthenticator is supposed to pick up the "user.name" so on oozie
server side, we know who the user is to authorize "kill/suspend".
> KerberosAuthenticator failed to fall back to PseudoAuthenticator after
> HADOOP-10078
> -----------------------------------------------------------------------------------
>
> Key: HADOOP-10398
> URL: https://issues.apache.org/jira/browse/HADOOP-10398
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Reporter: Tsz Wo Nicholas Sze
> Assignee: Tsz Wo Nicholas Sze
> Attachments: a.txt, c10398_20140310.patch
>
>
> {code}
> //KerberosAuthenticator.java
> if (conn.getResponseCode() == HttpURLConnection.HTTP_OK) {
> LOG.debug("JDK performed authentication on our behalf.");
> // If the JDK already did the SPNEGO back-and-forth for
> // us, just pull out the token.
> AuthenticatedURL.extractToken(conn, token);
> return;
> } else ...
> {code}
> The problem of the code above is that HTTP_OK does not implies authentication
> completed. We should check if the token can be extracted successfully.
> This problem was reported by [~bowenzhangusa] in [this
> comment|https://issues.apache.org/jira/browse/HADOOP-10078?focusedCommentId=13896823&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13896823]
> earlier.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
