[
https://issues.apache.org/jira/browse/HDFS-10424?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Chris Nauroth updated HDFS-10424:
---------------------------------
Attachment: HDFS-10424.001.patch

[~gu chi], thank you for the bug report. I was able to reproduce it in a
secured cluster, and then I verified that the attached patch fixes it.

This patch also includes a new test suite designed to catch similar kinds of
bugs in the future. It works by scanning the list of protocol classes covered
by {{HDFSPolicyProvider}} and then comparing that to *Protocol interfaces
implemented by known RPC server classes. If it finds a protocol interface
implemented by a server, but not covered in the policy, then it fails. This
way, if we add new protocols, but forget to update {{HDFSPolicyProvider}}, then
the test will fail during pre-commit.

Interestingly, this test immediately exposed another potential offender:
{{ReconfigurationProtocol}}. I've coded the test to skip checking that one for
now in the interest of expediting the patch here. I'll file a separate JIRA
for follow-up on that one and contact contributors who have worked on
reconfiguration.

> DatanodeLifelineProtocol not able to use under security cluster
> ---------------------------------------------------------------
>
> Key: HDFS-10424
> URL: https://issues.apache.org/jira/browse/HDFS-10424
> Project: Hadoop HDFS
> Issue Type: Bug
> Affects Versions: 2.8.0
> Reporter: gu-chi
> Priority: Blocker
> Attachments: HDFS-10424.001.patch
>
>
> {quote}
> protocol org.apache.hadoop.hdfs.server.protocol.DatanodeLifelineProtocol is
> unauthorized for user ***** (auth:KERBEROS) | Server.java:1979
> {quote}
> I am using security cluster authenticate with Kerberos, as I checked the
> code, if security auth enabled, because the DatanodeLifelineProtocol is not
> inside HDFSPolicyProvider, when authorize in ServiceAuthorizationManager,
> AuthorizationException will be thrown at line 96.
> Please point me out if I am wrong
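The policy-coverage check described in the comment above, as an added example (not the test in HDFS-10424.001.patch and not Hadoop code). Every interface and class here is a constructed stand-in that borrows the protocol names from the thread, and the stand-in policy set omits `DatanodeLifelineProtocol` to mirror the reported bug.

```java
import java.util.*;
// Added illustration: all types are constructed stand-ins, not Hadoop classes.
public class PolicyCoverageCheck {
    interface ClientProtocol {}
    interface DatanodeProtocol {}
    interface DatanodeLifelineProtocol {}
    interface ReconfigurationProtocol {}
    // Stand-in RPC servers; one protocol is inherited from a base class.
    static class BaseServer implements ReconfigurationProtocol {}
    static class RpcServerStandIn extends BaseServer
            implements ClientProtocol, DatanodeProtocol, DatanodeLifelineProtocol, Runnable {
        public void run() {}
    }

    static Set<Class<?>> setOf(Class<?>... classes) {
        return new LinkedHashSet<>(Arrays.asList(classes));
    }

    // Walk superclasses and super-interfaces, keeping interfaces named *Protocol.
    static Set<Class<?>> protocolsImplementedBy(Class<?> server) {
        Set<Class<?>> found = new LinkedHashSet<>();
        Set<Class<?>> seen = new HashSet<>();
        Deque<Class<?>> work = new ArrayDeque<>();
        work.push(server);
        while (!work.isEmpty()) {
            Class<?> c = work.pop();
            if (!seen.add(c)) continue;
            if (c.isInterface() && c.getSimpleName().endsWith("Protocol")) found.add(c);
            if (c.getSuperclass() != null) work.push(c.getSuperclass());
            for (Class<?> i : c.getInterfaces()) work.push(i);
        }
        return found;
    }

    // Protocols a server exposes that the policy does not list, minus known skips.
    static Set<Class<?>> uncovered(Class<?> server, Set<Class<?>> policy, Set<Class<?>> skipped) {
        Set<Class<?>> missing = protocolsImplementedBy(server);
        missing.removeAll(policy);
        missing.removeAll(skipped);
        return missing;
    }

    public static void main(String[] args) {
        Set<Class<?>> policy = setOf(ClientProtocol.class, DatanodeProtocol.class);
        Set<Class<?>> skipped = setOf(ReconfigurationProtocol.class);
        Set<Class<?>> missing = uncovered(RpcServerStandIn.class, policy, skipped);
        if (!missing.isEmpty()) throw new AssertionError("not covered by policy: " + missing);
    }
}
```

With the stand-in policy as written, `main` fails and names `DatanodeLifelineProtocol`; adding that interface to `policy` makes the check pass. The inherited `ReconfigurationProtocol` is found through the superclass walk and suppressed only by the explicit skip set.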