[jira] [Commented] (HDFS-16756) RBF proxies the client's user by the login user to enable CacheEntry

Mon, 05 Sep 2022 05:53:19 -0700 


    [ 
https://issues.apache.org/jira/browse/HDFS-16756?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17600388#comment-17600388
 ] 

ASF GitHub Bot commented on HDFS-16756:
---------------------------------------

ZanderXu opened a new pull request, #4853:
URL: https://github.com/apache/hadoop/pull/4853

   RBF just proxies the client's user by the login user for Kerberos 
authentication. 
   
   If the cluster uses the SIMPLE authentication method, the RBF will not 
proxies the client's user by the login user, the downstream namespace will not 
be able to use the real clientIp, clientPort, clientId and callId even if the 
namenode configured `dfs.namenode.ip-proxy-users`.
   
    And the related code of RBF as bellow:
   ```
   UserGroupInformation connUGI = ugi;
   if (UserGroupInformation.isSecurityEnabled()) {
     UserGroupInformation routerUser = UserGroupInformation.getLoginUser();
     connUGI = UserGroupInformation.createProxyUser(
         ugi.getUserName(), routerUser);
   }
   ``` 




> RBF proxies the client's user by the login user to enable CacheEntry
> --------------------------------------------------------------------
>
>                 Key: HDFS-16756
>                 URL: https://issues.apache.org/jira/browse/HDFS-16756
>             Project: Hadoop HDFS
>          Issue Type: Bug
>            Reporter: ZanderXu
>            Assignee: ZanderXu
>            Priority: Major
>
> RBF just proxies the client's user by the login user for Kerberos 
> authentication. If the cluster uses the SIMPLE authentication method, the RBF 
> will not proxies the client's user by the login user, the downstream 
> namespace will not use the real clientIp, clientPort, clientId and callId 
> even if the namenode configured dfs.namenode.ip-proxy-users.
>  
> And the related code as bellow:
> {code:java}
> UserGroupInformation connUGI = ugi;
> if (UserGroupInformation.isSecurityEnabled()) {
>   UserGroupInformation routerUser = UserGroupInformation.getLoginUser();
>   connUGI = UserGroupInformation.createProxyUser(
>       ugi.getUserName(), routerUser);
> } {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to