[
https://issues.apache.org/jira/browse/HBASE-9227?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13740589#comment-13740589
]
Devaraj Das commented on HBASE-9227:
------------------------------------
The problem is that in the RESTServer code, we call
loginUserFromKeytabAndReturnUGI. This doesn't set the loginUser in the UGI.
Thereafter, when the getCurrentUser would be called (which at some point would
be called in the RPC client), it would try to login, but the keytabFile
wouldn't be set and it the login will be as a regular user (non-keytab). This
will work if someone had done a kinit outside the process prior to the first
RPC invocation from the REST server. But this is not what we want.. [Note that
the keytabFile would be set only when loginUserFromKeytab is called.]
> RESTServer should handle the loginUser correctly
> ------------------------------------------------
>
> Key: HBASE-9227
> URL: https://issues.apache.org/jira/browse/HBASE-9227
> Project: HBase
> Issue Type: Bug
> Affects Versions: 0.95.0
> Reporter: Devaraj Das
> Assignee: Devaraj Das
> Priority: Blocker
> Fix For: 0.95.2
>
> Attachments: 9227-1.txt
>
>
> HBASE-8662 introduced a change by which the realUser in the method
> RESTServer.main() gets assigned to the loginUser only when the config
> hbase.rest.authentication.type is set to something (like "kerberos").
> I think we should set the realUser to loginUser even when the config
> hbase.rest.authentication.type is null. Without that the regular
> (non-impersonated) accesses also fail.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
