[ https://issues.apache.org/jira/browse/HADOOP-11176?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14170341#comment-14170341 ]
Hudson commented on HADOOP-11176: --------------------------------- SUCCESS: Integrated in Hadoop-trunk-Commit #6256 (See [https://builds.apache.org/job/Hadoop-trunk-Commit/6256/]) HADOOP-11176. KMSClientProvider authentication fails when both currentUgi and loginUgi are a proxied user. Contributed by Arun Suresh. (atm: rev 0e57aa3bf689374736939300d8f3525ec38bead7) * hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java * hadoop-common-project/hadoop-common/CHANGES.txt * hadoop-common-project/hadoop-kms/src/test/java/org/apache/hadoop/crypto/key/kms/server/TestKMS.java > KMSClientProvider authentication fails when both currentUgi and loginUgi are > a proxied user > ------------------------------------------------------------------------------------------- > > Key: HADOOP-11176 > URL: https://issues.apache.org/jira/browse/HADOOP-11176 > Project: Hadoop Common > Issue Type: Bug > Reporter: Arun Suresh > Assignee: Arun Suresh > Labels: encryption > Fix For: 2.6.0 > > Attachments: HADOOP-11176.1.patch, HADOOP-11176.2.patch, > HADOOP-11176.3.patch > > > In a secure environment, with kerberos, when the KMSClientProvider instance > is created in the context of a proxied user, The initial SPNEGO handshake is > made with the currentUser (the proxied user) as the Principal.. this will > fail, since the proxied user is not logged in. > The handshake must be done using the real user. > -- This message was sent by Atlassian JIRA (v6.3.4#6332)