[jira] [Comment Edited] (HBASE-9227) RESTServer should handle the loginUser correctly

Wed, 14 Aug 2013 19:17:11 -0700 

    [ 
https://issues.apache.org/jira/browse/HBASE-9227?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13740589#comment-13740589
 ] 

Devaraj Das edited comment on HBASE-9227 at 8/15/13 2:15 AM:
-------------------------------------------------------------

The problem is that in the RESTServer code, we call 
loginUserFromKeytabAndReturnUGI. This doesn't set the loginUser in the UGI. 
Thereafter, when the getCurrentUser would be called (which at some point would 
be called in the RPC client), it would try to login, but the keytabFile 
wouldn't be set and the login will be as a regular user (non-keytab). This will 
work if someone had done a kinit outside the process prior to the first RPC 
invocation from the REST server. But this is not what we want.. [Note that the 
keytabFile would be set only when loginUserFromKeytab is called.]
                
      was (Author: devaraj):
    The problem is that in the RESTServer code, we call 
loginUserFromKeytabAndReturnUGI. This doesn't set the loginUser in the UGI. 
Thereafter, when the getCurrentUser would be called (which at some point would 
be called in the RPC client), it would try to login, but the keytabFile 
wouldn't be set and it the login will be as a regular user (non-keytab). This 
will work if someone had done a kinit outside the process prior to the first 
RPC invocation from the REST server. But this is not what we want.. [Note that 
the keytabFile would be set only when loginUserFromKeytab is called.]
                  
> RESTServer should handle the loginUser correctly
> ------------------------------------------------
>
>                 Key: HBASE-9227
>                 URL: https://issues.apache.org/jira/browse/HBASE-9227
>             Project: HBase
>          Issue Type: Bug
>    Affects Versions: 0.95.0
>            Reporter: Devaraj Das
>            Assignee: Devaraj Das
>            Priority: Blocker
>             Fix For: 0.95.2
>
>         Attachments: 9227-1.txt
>
>
> HBASE-8662 introduced a change by which the realUser in the method 
> RESTServer.main() gets assigned to the loginUser only when the config 
> hbase.rest.authentication.type is set to something (like "kerberos").
> I think we should set the realUser to loginUser even when the config 
> hbase.rest.authentication.type is null. Without that the regular 
> (non-impersonated) accesses also fail.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to