[
https://issues.apache.org/jira/browse/KUDU-2379?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Todd Lipcon updated KUDU-2379:
------------------------------
Status: In Review (was: Open)
> Spark generates a broken authentication credentials PB
> ------------------------------------------------------
>
> Key: KUDU-2379
> URL: https://issues.apache.org/jira/browse/KUDU-2379
> Project: Kudu
> Issue Type: Bug
> Components: java, spark
> Affects Versions: 1.7.0
> Reporter: Todd Lipcon
> Assignee: Todd Lipcon
> Priority: Blocker
>
> KUDU-2259 introduced a regression which causes Spark to not work properly on
> secure clusters. The issue is the following:
> - the driver calls exportAuthenticationCredentials()
> -- the client hasn't yet talked to the master, so it doesn't have any
> credentials yet, despite having a keytab available
> -- the code is as follows:
> {code}
> byte[] authnData = securityContext.exportAuthenticationCredentials();
> if (authnData != null) {
> return Deferred.fromResult(authnData);
> }
> {code}
> -- previously, authnData would be null in this case, and it would fall
> through to connect to the cluster and then export a proper token.
> -- with the new implementation, an authnData is returned which is devoid of
> real credentials but contains a realUser. So, it's non-null, and it gets
> returned immediately
> - the tasks then get credentials with no tokens and can't connect
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
