[
https://issues.apache.org/jira/browse/FLUME-2557?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14218360#comment-14218360
]
Joey Echeverria commented on FLUME-2557:
----------------------------------------
The user is not already logged in, at least not with Kerberos. The issue is
that:
{code:java}
currentUser = UserGroupInformation.getLoginUser();
{code}
Will always return a UGI. When there is not TGT, it returns the current OS user
with authentication method SIMPLE. That means this:
{code:java}
if (finalPrincipal == null ||
finalPrincipal.equals(currentUser.getUserName())) {
{code}
will always fail unless your username and the Kerberos principal match exactly.
But in that case, there will be no TGT and you'll get GSS initiate failures
later on.
It's possible this is caused by a change in Hadoop at some point, but the unit
tests I added fail without the changes to KerberosUtil so I'd say it just plain
doesn't work.
> DatasetSink doesn't work with Kerberos
> --------------------------------------
>
> Key: FLUME-2557
> URL: https://issues.apache.org/jira/browse/FLUME-2557
> Project: Flume
> Issue Type: Bug
> Components: Sinks+Sources
> Affects Versions: v1.5.2
> Reporter: Joey Echeverria
> Assignee: Joey Echeverria
> Fix For: v1.6.0
>
> Attachments: FLUME-2557.patch
>
>
> When configuring Kerberos, you'll get an error such as:
> Sink kite-dataset has been removed due to an error during configuration
> org.apache.flume.sink.kite.KerberosUtil$SecurityException: Cannot use
> multiple Kerberos principals:
> flume/[email protected] would replace flume
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
