[
https://issues.apache.org/jira/browse/FLINK-31109?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17691740#comment-17691740
]
Venkata krishnan Sowrirajan edited comment on FLINK-31109 at 2/21/23 6:29 PM:
------------------------------------------------------------------------------
[~martijnvisser] I'm still looking into it. I would probably need till the end
of this week for the fix and all the internal testing that needs to be done
before raising the PR. Do you have any timelines in mind?
was (Author: vsowrirajan):
[~martijnvisser] I'm still looking into it. I would probably need till the end
of this week for the fix and all the internal testing that needs to be done
before raising the PR.
> Fails with proxy user not supported even when
> security.kerberos.fetch.delegation-token is set to false
> ------------------------------------------------------------------------------------------------------
>
> Key: FLINK-31109
> URL: https://issues.apache.org/jira/browse/FLINK-31109
> Project: Flink
> Issue Type: Bug
> Components: Runtime / Coordination
> Affects Versions: 1.17.0
> Reporter: Venkata krishnan Sowrirajan
> Assignee: Venkata krishnan Sowrirajan
> Priority: Blocker
>
> With
> {code:java}
> security.kerberos.fetch.delegation-token: false
> {code}
> and delegation tokens obtained through our internal service which sets both
> HADOOP_TOKEN_FILE_LOCATION to pick up the DTs and also sets the
> HADOOP_PROXY_USER which fails with the below error
> {code:java}
> SLF4J: Class path contains multiple SLF4J bindings.
> SLF4J: Found binding in
> [jar:file:/export/home/vsowrira/flink-1.18-SNAPSHOT/lib/log4j-slf4j-impl-2.17.1.jar!/org/slf4j/impl/StaticLoggerBinder.class]
> SLF4J: Found binding in
> [jar:file:/export/apps/hadoop/hadoop-bin_2100503/share/hadoop/common/lib/slf4j-log4j12-1.7.25.jar!/org/slf4j/impl/StaticLoggerBinder.class]
> SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an
> explanation.
> SLF4J: Actual binding is of type [org.apache.logging.slf4j.Log4jLoggerFactory]
> org.apache.flink.runtime.security.modules.SecurityModule$SecurityInstallException:
> Unable to set the Hadoop login user
> at
> org.apache.flink.runtime.security.modules.HadoopModule.install(HadoopModule.java:106)
> at
> org.apache.flink.runtime.security.SecurityUtils.installModules(SecurityUtils.java:76)
> at
> org.apache.flink.runtime.security.SecurityUtils.install(SecurityUtils.java:57)
> at
> org.apache.flink.client.cli.CliFrontend.mainInternal(CliFrontend.java:1188)
> at org.apache.flink.client.cli.CliFrontend.main(CliFrontend.java:1157)
> Caused by: java.lang.UnsupportedOperationException: Proxy user is not
> supported
> at
> org.apache.flink.runtime.security.token.hadoop.KerberosLoginProvider.throwProxyUserNotSupported(KerberosLoginProvider.java:137)
> at
> org.apache.flink.runtime.security.token.hadoop.KerberosLoginProvider.isLoginPossible(KerberosLoginProvider.java:81)
> at
> org.apache.flink.runtime.security.modules.HadoopModule.install(HadoopModule.java:73)
> ... 4 more
> {code}
> This seems to have gotten changed after
> [480e6edf|https://github.com/apache/flink/commit/480e6edf9732f8334ef7576080fdbfc98051cb28]
> ([FLINK-28330][runtime][security] Remove old delegation token framework code)
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
