SecurityUtils' TGT fetching does not fall back to "login" user

Key: HADOOP-6946
URL: https://issues.apache.org/jira/browse/HADOOP-6946
Project: Hadoop Common
Issue Type: Bug
Components: security
Affects Versions: 0.22.0
Reporter: Todd Lipcon
Assignee: Todd Lipcon

In SecurityUtil.getTgtFromSubject and SecurityUtil.fetchServiceTicket, the current JAAS Subject is fetched directly from the AccessController, rather than using UserGroupInformation.getCurrentUser().getSubject(). This means that if it is not run in the confines of a doAs() block, it will fail since the current JAAS subject is null, even though SecurityUtil.login(...) may have been called.

In practice, one place this shows up is using the secondary namenode's "-checkpoint force" option in secured 0.20, since it's done inside the main thread with no surrounding doAs().

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

Search Discussions

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupcommon-dev @
postedSep 9, '10 at 3:47a
activeSep 9, '10 at 3:47a

1 user in discussion

Todd Lipcon (JIRA): 1 post



site design / logo © 2022 Grokbase