Bowen,
JIRA is down. So doing a reply.
I have run the branch-0.4 code with hadoop 1.x and it works fine for me
with those two mappings. Looks like that mapping is not taking effect for
you for some reason.
FSNameSystem.java
renewDelegationToken():
String renewer = UserGroupInformation.getCurrentUser().getShortUserName();
long expiryTime = dtSecretManager.renewToken(token, renewer);
if (!id.getRenewer().toString().equals(renewer)) {
throw new AccessControlException("Client " + renewer +
" tries to renew a token with " +
"renewer specified as " +
id.getRenewer());
}
So initially the mapping has worked fine and the renewer has been set to
"mapred" in the token when doing getDelegationToken. But when renewing
jt/<host>@HORTON.<DOMAIN> is the value of
UserGroupInformation.getCurrentUser().getShortUserName(); instead of mapred
which means auth_to_local setting is not taking effect properly either in
NN or JT.
Regards,
Rohini
On Thu, May 9, 2013 at 9:35 AM, Bowen Zhang (JIRA) <[email protected]> wrote:
>
> [
> https://issues.apache.org/jira/browse/OOZIE-1362?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13653056#comment-13653056]
>
> Bowen Zhang commented on OOZIE-1362:
> ------------------------------------
>
> Yes, we do have these two rules. But in hadoop-1, we expect shortname to
> be the lookup key for the delegation token.
>
> > RM token renewer as full service principal is incompatible with hadoop-1
> > ------------------------------------------------------------------------
> >
> > Key: OOZIE-1362
> > URL: https://issues.apache.org/jira/browse/OOZIE-1362
> > Project: Oozie
> > Issue Type: Bug
> > Reporter: Bowen Zhang
> >
>
>
> --
> This message is automatically generated by JIRA.
> If you think it was sent incorrectly, please contact your JIRA
> administrators
> For more information on JIRA, see: http://www.atlassian.com/software/jira
>
