[
https://issues.apache.org/jira/browse/OOZIE-1128?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13528488#comment-13528488
]
Alejandro Abdelnur commented on OOZIE-1128:
-------------------------------------------
After looking at the code, it seem the right thing to do is, if the user of the
request is not UNDEF, then inject that user in the received configuration,
overriding the user that came from the client.
This will work with any time of authentication mechanism, provided or custom.
> When a user submitting a job is not UNDEF in the request, it should use that
> user as the submitter
> --------------------------------------------------------------------------------------------------
>
> Key: OOZIE-1128
> URL: https://issues.apache.org/jira/browse/OOZIE-1128
> Project: Oozie
> Issue Type: Bug
> Components: core
> Affects Versions: 3.3.0
> Reporter: Alejandro Abdelnur
> Fix For: 3.3.1
>
>
> If Oozie is configured with simple authentication, the user submitting the
> job is taken from the user.name property coming in the request. Which, in the
> case of Oozie Java client and CLI, is the taking from the
> System.getProperties("user.name") property from the client JVM.
> When using another form of authentication, ie Kerberos, if the kerberos
> principal short and the client JVM user.name are the same things work ok.
> However, Oozie throws an E0400 error if they don't match.
> Instead, Oozie should use the authenticated user and override the user in the
> configuration with it.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
