[
https://issues.apache.org/jira/browse/HADOOP-11176?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14163738#comment-14163738
]
Arun Suresh commented on HADOOP-11176:
--------------------------------------
Please do note.. as demonstrated in the testcases, it can fail in the case of
SIMPLE auth as well since both the "user.name" and "doAs" parameters sent by
KMSClientProvider to the KMS server would always be the same... this patch
fixes that..
> KMSClientProvider authentication fails when when both currentUgi and loginUgi
> is a proxied user
> -----------------------------------------------------------------------------------------------
>
> Key: HADOOP-11176
> URL: https://issues.apache.org/jira/browse/HADOOP-11176
> Project: Hadoop Common
> Issue Type: Bug
> Reporter: Arun Suresh
> Attachments: HADOOP-11176.1.patch
>
>
> In a secure environment, with kerberos, when the KMSClientProvider instance
> is created in the context of a proxied user, The initial SPNEGO handshake is
> made with the currentUser (the proxied user) as the Principal.. this will
> fail, since the proxied user is not logged in.
> The handshake must be done using the real user.
>
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
