[jira] [Assigned] (RANGER-3233) Ranger Kafka Plugin changes to get the UGI from Kafka client JAAS config instead of Subject from Kafka Login Manager

Ramesh Mani (Jira) Mon, 05 Apr 2021 16:15:06 -0700


     [ 
https://issues.apache.org/jira/browse/RANGER-3233?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Ramesh Mani reassigned RANGER-3233:
-----------------------------------

    Assignee: Ramesh Mani

> Ranger Kafka Plugin changes to get the UGI from  Kafka client JAAS config 
> instead of Subject from Kafka Login Manager
> ---------------------------------------------------------------------------------------------------------------------
>
>                 Key: RANGER-3233
>                 URL: https://issues.apache.org/jira/browse/RANGER-3233
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>            Reporter: Ramesh Mani
>            Assignee: Ramesh Mani
>            Priority: Major
>
> Ranger Kafka Plugin changes to get the UGI from Kafka client JAAS config 
> instead of Subject from Kafka Login Manager.
> When UGI is created with Subject from Kafka LoginManager, Ranger Kafka Plugin 
> fails with kerberos error because of changed kerberos identity when ticket 
> expires and subject load all the principals based on the GSS mechanism used.
> https://docs.oracle.com/javase/7/docs/technotes/guides/security/jgss/tutorials/BasicClientServer.html#useSub
> This was reported in https://issues.apache.org/jira/browse/RANGER-2810 which 
> has a work around. Solution would be to have the UGI created with the kafka 
> client JAAS and use it in plugin. This will help is Kerberos ticket renewed 
> properly and avoid using the Subject() which may cause issue.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Assigned] (RANGER-3233) Ranger Kafka Plugin changes to get the UGI from Kafka client JAAS config instead of Subject from Kafka Login Manager

Reply via email to