[ https://issues.apache.org/jira/browse/HBASE-14579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14982571#comment-14982571 ]
Nicolas Liochon commented on HBASE-14579: ----------------------------------------- > Does this also happen for users authenticated with authentication tokens > ("auth:SIMPLE" instead of "auth:TOKEN" or "auth:DIGEST")? For digest, I tink it's ok, the code is RpcServer is {code} private UserGroupInformation getAuthorizedUgi(String authorizedId) throws IOException { if(this.authMethod == AuthMethod.DIGEST) { TokenIdentifier tokenId = HBaseSaslRpcServer.getIdentifier(authorizedId, RpcServer.this.secretManager); UserGroupInformation ugi = tokenId.getUser(); if(ugi == null) { throw new AccessDeniedException("Can\'t retrieve username from tokenIdentifier."); } else { ugi.addTokenIdentifier(tokenId); return ugi; } } else { return UserGroupInformation.createRemoteUser(authorizedId); <==================== auth method replaced by "SIMPLE" } } {code} > The latest patch (v3) for HBASE-14700 contains a fix for the UGI auth method > logged. Please take a look there if you have a chance. Looking... > Users authenticated with KERBEROS are recorded as being authenticated with > SIMPLE > --------------------------------------------------------------------------------- > > Key: HBASE-14579 > URL: https://issues.apache.org/jira/browse/HBASE-14579 > Project: HBase > Issue Type: Bug > Components: security > Affects Versions: 1.0.0, 1.2.0, 0.98.15 > Reporter: Nicolas Liochon > Assignee: Nicolas Liochon > Priority: Minor > Fix For: 2.0.0 > > Attachments: hbase-14579.patch > > > That's the HBase version of HADOOP-10683. > We see: > ??hbase.Server (RpcServer.java:saslReadAndProcess(1446)) - Auth successful > for securedUser/localh...@example.com (auth:SIMPLE)?? > while we would like to see: > ??hbase.Server (RpcServer.java:saslReadAndProcess(1446)) - Auth successful > for securedUser/localh...@example.com (auth:KERBEROS)?? > The fix is simple, but it means we need hadoop 2.5+. > There is also a lot of cases where HBase calls "createUser" w/o specifying > the authentication method... I don"'t have the solution for these ones. -- This message was sent by Atlassian JIRA (v6.3.4#6332)