Todd Lipcon created KUDU-2379:
---------------------------------
Summary: Spark generates a broken authentication credentials PB
Key: KUDU-2379
URL: https://issues.apache.org/jira/browse/KUDU-2379
Project: Kudu
Issue Type: Bug
Components: java, spark
Affects Versions: 1.7.0
Reporter: Todd Lipcon
Assignee: Todd Lipcon
KUDU-2259 introduced a regression which causes Spark to not work properly on
secure clusters. The issue is the following:
- the driver calls exportAuthenticationCredentials()
-- the client hasn't yet talked to the master, so it doesn't have any
credentials yet, despite having a keytab available
-- the code is as follows:
{code}
byte[] authnData = securityContext.exportAuthenticationCredentials();
if (authnData != null) {
return Deferred.fromResult(authnData);
}
{code}
-- previously, authnData would be null in this case, and it would fall through
to connect to the cluster and then export a proper token.
-- with the new implementation, an authnData is returned which is devoid of
real credentials but contains a realUser. So, it's non-null, and it gets
returned immediately
- the tasks then get credentials with no tokens and can't connect
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
