[
https://issues.apache.org/jira/browse/HADOOP-12389?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14737041#comment-14737041
]
Allen Wittenauer commented on HADOOP-12389:
-------------------------------------------
bq. do you have any trouble or usecase for this?
I hit it several times while playing around with WebHDFS on an unsecure
cluster. This particular case is almost certainly more fallout from the
2.4/2.5 hack job on WebHDFS auth.
bq. I think it is not problem to prohibit impersonation without explicit
configuration.
How about this: if there is no proxy entry for a given user, then self
impersonation is allowed. This protects against the few cases where self
impersonation would be a bad thing, because at least in all the cases I'm
thinking of, those services always have a proxy entry anyway.
> allow self-impersonation
> ------------------------
>
> Key: HADOOP-12389
> URL: https://issues.apache.org/jira/browse/HADOOP-12389
> Project: Hadoop Common
> Issue Type: Bug
> Affects Versions: 3.0.0
> Reporter: Allen Wittenauer
> Labels: 3
>
> This is kind of dumb:
> org.apache.hadoop.security.authorize.AuthorizationException: User: aw is not
> allowed to impersonate aw
> Users should be able to impersonate themselves in secure and non-secure cases
> automatically, for free.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
