[
https://issues.apache.org/jira/browse/HBASE-14580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14951399#comment-14951399
]
Gary Helmling commented on HBASE-14580:
---------------------------------------
{code}
"kerberos".equalsIgnoreCase(c.get("hbase.security.authentication",
null))) {
{code}
Instead of hard-coding the config values, can you use
{{User.isHBaseSecurityEnabled(c)}}?
The username suffixes were fed into the data dirs used by each DN/RS's for a
"distributed" minicluster setup (or at least they did way back when I last
looked at HBaseTestingUtility). So, as I understand it, that would not be an
issue here are Kerberos would only be supported with a single node setup?
> Make the HBaseMiniCluster compliant with Kerberos
> -------------------------------------------------
>
> Key: HBASE-14580
> URL: https://issues.apache.org/jira/browse/HBASE-14580
> Project: HBase
> Issue Type: Improvement
> Components: security, test
> Affects Versions: 2.0.0
> Reporter: Nicolas Liochon
> Assignee: Nicolas Liochon
> Fix For: 2.0.0
>
> Attachments: patch-14580.v1.patch
>
>
> Whne using MiniKDC and the minicluster in a unit test, there is a conflict
> causeed by HBaseTestingUtility:
> {code}
> public static User getDifferentUser(final Configuration c,
> final String differentiatingSuffix)
> throws IOException {
> // snip
> String username = User.getCurrent().getName() +
> differentiatingSuffix; <==================== problem here
> User user = User.createUserForTesting(c, username,
> new String[]{"supergroup"});
> return user;
> }
> {code}
> This creates users like securedUser/[email protected], and this
> does not work.
> My fix is to return the current user when Kerberos is set. I don't think that
> there is another option (any other opinion?). However this user is not in a
> group so we have logs like 'WARN [IPC Server handler 9 on 61366]
> security.UserGroupInformation (UserGroupInformation.java:getGroupNames(1521))
> - No groups available for user securedUser' I'm not sure of its impact.
> [~apurtell], what do you think?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
