[
https://issues.apache.org/jira/browse/OOZIE-1362?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13655703#comment-13655703
]
Rohini Palaniswamy commented on OOZIE-1362:
-------------------------------------------
I have run the branch-0.4 code with hadoop 1.x and it works fine for me with
those two mappings. Looks like that mapping is not taking effect for you for
some reason.
FSNameSystem.java
renewDelegationToken():
String renewer = UserGroupInformation.getCurrentUser().getShortUserName();
long expiryTime = dtSecretManager.renewToken(token, renewer);
if (!id.getRenewer().toString().equals(renewer)) {
throw new AccessControlException("Client " + renewer +
" tries to renew a token with " +
"renewer specified as " +
id.getRenewer());
}
So initially the mapping has worked fine and the renewer has been set to
"mapred" in the token when doing getDelegationToken. But when renewing
jt/<host>@HORTON.<DOMAIN> is the value of
UserGroupInformation.getCurrentUser().getShortUserName(); instead of mapred
which means auth_to_local setting is not taking effect properly either in NN or
JT.
> RM token renewer as full service principal is incompatible with hadoop-1
> ------------------------------------------------------------------------
>
> Key: OOZIE-1362
> URL: https://issues.apache.org/jira/browse/OOZIE-1362
> Project: Oozie
> Issue Type: Bug
> Reporter: Bowen Zhang
>
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
