[ https://issues.apache.org/jira/browse/HADOOP-11482?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Vinod Kumar Vavilapalli updated HADOOP-11482: --------------------------------------------- Fix Version/s: 2.6.1 Pulled this into 2.6.1 after [~ajisakaa] verified that the patch applies cleanly. Ran compilation and TestKMS before the push. > Use correct UGI when KMSClientProvider is called by a proxy user > ---------------------------------------------------------------- > > Key: HADOOP-11482 > URL: https://issues.apache.org/jira/browse/HADOOP-11482 > Project: Hadoop Common > Issue Type: Bug > Affects Versions: 2.6.0 > Reporter: Arun Suresh > Assignee: Arun Suresh > Labels: 2.6.1-candidate > Fix For: 2.6.1, 2.7.0 > > Attachments: HADOOP-11482.1.patch, HADOOP-11482.2.patch > > > Long Living clients of HDFS (For eg. OOZIE) use cached DFSClients which in > turn use a cached KMSClientProvider to talk to KMS. > Before an MR Job is run, the job client calls the > {{DFClient.addDelegationTokens()}} method which calls > {{addDelegationTokens()}} on the {{KMSClientProvider}} to get any delegation > token associated to the user. > Unfortunately, this call uses a cached > {{DelegationTokenAuthenticationURL.Token}} instance which can cause the > {{SignerSecretProvider}} implementation of the {{AuthenticationFilter}} at > the KMS Server end to fail validation. Which results in the MR job itself > failing. -- This message was sent by Atlassian JIRA (v6.3.4#6332)