Gabor Somogyi created FLINK-32465:
-------------------------------------
Summary: KerberosLoginProvider.isLoginPossible does accidental
login with keytab
Key: FLINK-32465
URL: https://issues.apache.org/jira/browse/FLINK-32465
Project: Flink
Issue Type: Bug
Components: API / Core
Affects Versions: 1.18.0
Reporter: Gabor Somogyi
In KerberosLoginProvider.isLoginPossible there is a call to
UserGroupInformation.getCurrentUser() before principal check (keytab usage).
This triggers an accidental login with either kerberos credentials if
available, or as the local OS user, based on security settings. This is not
problematic most of the time since KerberosLoginProvider.doLogin overwrites the
credentials with keytab. The problem hurts however when login fails for
whatever reason. Such case the workload is just not starting.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
