gaborgsomogyi opened a new pull request, #22889:
URL: https://github.com/apache/flink/pull/22889
## What is the purpose of the change
In `KerberosLoginProvider.isLoginPossible()` there is a call to
`UserGroupInformation.getCurrentUser()` before principal check (keytab usage).
This triggers an accidental login with either kerberos credentials if
available, or as the local OS user, based on security settings. This is not
problematic most of the time since `KerberosLoginProvider.doLogin()` overwrites
the credentials with keytab. The problem hurts however when login in
`KerberosLoginProvider.isLoginPossible()` fails for whatever reason. Such case
the workload is just not starting.
## Brief change log
Removed accidental login in `KerberosLoginProvider.isLoginPossible()`.
## Verifying this change
Added new automated test.
## Does this pull request potentially affect one of the following parts:
- Dependencies (does it add or upgrade a dependency): no
- The public API, i.e., is any changed class annotated with
`@Public(Evolving)`: no
- The serializers: no
- The runtime per-record code paths (performance sensitive): no
- Anything that affects deployment or recovery: JobManager (and its
components), Checkpointing, Kubernetes/Yarn, ZooKeeper: no
- The S3 file system connector: no
## Documentation
- Does this pull request introduce a new feature? no
- If yes, how is the feature documented? not applicable
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
