[
https://issues.apache.org/jira/browse/HADOOP-11482?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Vinod Kumar Vavilapalli updated HADOOP-11482:
---------------------------------------------
Fix Version/s: 2.6.1
Pulled this into 2.6.1 after [~ajisakaa] verified that the patch applies
cleanly. Ran compilation and TestKMS before the push.
> Use correct UGI when KMSClientProvider is called by a proxy user
> ----------------------------------------------------------------
>
> Key: HADOOP-11482
> URL: https://issues.apache.org/jira/browse/HADOOP-11482
> Project: Hadoop Common
> Issue Type: Bug
> Affects Versions: 2.6.0
> Reporter: Arun Suresh
> Assignee: Arun Suresh
> Labels: 2.6.1-candidate
> Fix For: 2.6.1, 2.7.0
>
> Attachments: HADOOP-11482.1.patch, HADOOP-11482.2.patch
>
>
> Long Living clients of HDFS (For eg. OOZIE) use cached DFSClients which in
> turn use a cached KMSClientProvider to talk to KMS.
> Before an MR Job is run, the job client calls the
> {{DFClient.addDelegationTokens()}} method which calls
> {{addDelegationTokens()}} on the {{KMSClientProvider}} to get any delegation
> token associated to the user.
> Unfortunately, this call uses a cached
> {{DelegationTokenAuthenticationURL.Token}} instance which can cause the
> {{SignerSecretProvider}} implementation of the {{AuthenticationFilter}} at
> the KMS Server end to fail validation. Which results in the MR job itself
> failing.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
