[
https://issues.apache.org/jira/browse/HADOOP-10559?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13986754#comment-13986754
]
Steve Loughran commented on HADOOP-10559:
-----------------------------------------
Looking at the code, I'm not being clear about this. The core issue is that the
UGI returned in the {{getLoginUser()}} can can only be initialized once -and if
it is done before the client gets to push down their desired configuration,
with their desired security options, you end up with simple auth that doesn't
work with a secure cluster
> add a method to UserGroupInformation to load settings from a given conf file
> ----------------------------------------------------------------------------
>
> Key: HADOOP-10559
> URL: https://issues.apache.org/jira/browse/HADOOP-10559
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.4.0
> Reporter: Steve Loughran
>
> There's no easy way to set up the security parameters of a process unless
> it's set in core-site.xml, because it's just inited via:
> {{initialize(new Configuration(), false);}}
> # If it is defined in an XML resource injected in to the config resource list
> via {{Configuration.addResource()}} -then it *may* get picked up, but only if
> nothing has already created the configs.
> # If it is defined in any other means -you can't get it in.
> This is an issue with client apps that don't have core-site XML files on
> their classpath, and which are loading their configs more dynamically.
> Everything works on an insecure cluster, but try to target a secure one and
> things break.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
