[ https://issues.apache.org/jira/browse/HADOOP-11176?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Arun Suresh updated HADOOP-11176: --------------------------------- Attachment: HADOOP-11176.3.patch Uploading updated patch Thanks for the review [~atm], * changed name of *loginUgi* to *actualUgi* (felt it might be better than serverUgi) * *actualUgi* is now a final field initialized to either currentUgi or realUgi if currentUgi is a Proxy. This way, we wont need to create a new variable at the time of {{createConnection()}} > KMSClientProvider authentication fails when both currentUgi and loginUgi are > a proxied user > ------------------------------------------------------------------------------------------- > > Key: HADOOP-11176 > URL: https://issues.apache.org/jira/browse/HADOOP-11176 > Project: Hadoop Common > Issue Type: Bug > Reporter: Arun Suresh > Assignee: Arun Suresh > Labels: encryption > Attachments: HADOOP-11176.1.patch, HADOOP-11176.2.patch, > HADOOP-11176.3.patch > > > In a secure environment, with kerberos, when the KMSClientProvider instance > is created in the context of a proxied user, The initial SPNEGO handshake is > made with the currentUser (the proxied user) as the Principal.. this will > fail, since the proxied user is not logged in. > The handshake must be done using the real user. > -- This message was sent by Atlassian JIRA (v6.3.4#6332)