[ https://issues.apache.org/jira/browse/HADOOP-11176?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14170325#comment-14170325 ]
Aaron T. Myers commented on HADOOP-11176: ----------------------------------------- +1, the latest patch looks good to me. The change seems much clearer to me now, and I agree that the RAT and findbugs warnings are unrelated. I'm going to commit this momentarily. > KMSClientProvider authentication fails when both currentUgi and loginUgi are > a proxied user > ------------------------------------------------------------------------------------------- > > Key: HADOOP-11176 > URL: https://issues.apache.org/jira/browse/HADOOP-11176 > Project: Hadoop Common > Issue Type: Bug > Reporter: Arun Suresh > Assignee: Arun Suresh > Labels: encryption > Attachments: HADOOP-11176.1.patch, HADOOP-11176.2.patch, > HADOOP-11176.3.patch > > > In a secure environment, with kerberos, when the KMSClientProvider instance > is created in the context of a proxied user, The initial SPNEGO handshake is > made with the currentUser (the proxied user) as the Principal.. this will > fail, since the proxied user is not logged in. > The handshake must be done using the real user. > -- This message was sent by Atlassian JIRA (v6.3.4#6332)