FAQ
SecurityUtils' TGT fetching does not fall back to "login" user
--------------------------------------------------------------

Key: HADOOP-6946
URL: https://issues.apache.org/jira/browse/HADOOP-6946
Project: Hadoop Common
Issue Type: Bug
Components: security
Affects Versions: 0.22.0
Reporter: Todd Lipcon
Assignee: Todd Lipcon


In SecurityUtil.getTgtFromSubject and SecurityUtil.fetchServiceTicket, the current JAAS Subject is fetched directly from the AccessController, rather than using UserGroupInformation.getCurrentUser().getSubject(). This means that if it is not run in the confines of a doAs() block, it will fail since the current JAAS subject is null, even though SecurityUtil.login(...) may have been called.

In practice, one place this shows up is using the secondary namenode's "-checkpoint force" option in secured 0.20, since it's done inside the main thread with no surrounding doAs().

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Search Discussions

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupcommon-dev @
categorieshadoop
postedSep 9, '10 at 3:47a
activeSep 9, '10 at 3:47a
posts1
users1
websitehadoop.apache.org...
irc#hadoop

1 user in discussion

Todd Lipcon (JIRA): 1 post

People

Translate

site design / logo © 2022 Grokbase