[
https://issues.apache.org/jira/browse/NIFI-3520?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jeff Storck updated NIFI-3520:
------------------------------
Status: Patch Available (was: Open)
> HDFS processors experiencing Kerberos "impersonate" errors
> -----------------------------------------------------------
>
> Key: NIFI-3520
> URL: https://issues.apache.org/jira/browse/NIFI-3520
> Project: Apache NiFi
> Issue Type: Bug
> Affects Versions: 1.0.1, 1.1.1, 1.1.0, 1.0.0
> Reporter: Jeff Storck
> Assignee: Jeff Storck
>
> When multiple Kerberos principals are used between multiple HDFS processors,
> the processor instances will be able to login to Kerberos with their
> configured principals initially, but will not properly relogin.
> For example, if there are two PutHDFS processors, one configured as
> [email protected], and the other as [email protected], they will both login
> with the KDC correctly and be able to transfer files to HDFS. Once one of
> the PutHDFS processors attempts to relogin, it may end up being logged in as
> the principal from the other PutHDFS processor. The principal contexts end
> up getting switched, and the hadoop client used by the processor will attempt
> to proxy requests from one user through another, resulting in the following
> exception:
> {panel}Failed to write to HDFS due to
> org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException):
> User: [email protected] is not allowed to impersonate
> [email protected]{panel}
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
