Gabor Somogyi created FLINK-32465:
-------------------------------------

             Summary: KerberosLoginProvider.isLoginPossible does accidental login with keytab
                 Key: FLINK-32465
                 URL: https://issues.apache.org/jira/browse/FLINK-32465
             Project: Flink
          Issue Type: Bug
          Components: API / Core
    Affects Versions: 1.18.0
            Reporter: Gabor Somogyi

In KerberosLoginProvider.isLoginPossible there is a call to UserGroupInformation.getCurrentUser() before the principal check (keytab usage). This triggers an accidental login, either with Kerberos credentials if available or as the local OS user, based on the security settings. This is not problematic most of the time, since KerberosLoginProvider.doLogin overwrites the credentials with the keytab. The problem hurts, however, when login fails for whatever reason. In such a case the workload just does not start.
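
The ordering problem described in the report, modelled as an added example that is not part of the original message and is not Flink's code or its patch. `FakeUgi` is a constructed stand-in for Hadoop's `UserGroupInformation`, the principal is a constructed value, and the reordered method is one assumed way to defer the call until it is needed.

```java
import java.util.ArrayList;
import java.util.List;

public class LoginOrderDemo {
    /** Constructed stand-in for Hadoop's UserGroupInformation; not the real class. */
    static class FakeUgi {
        final List<String> events = new ArrayList<>();
        final boolean implicitLoginFails;

        FakeUgi(boolean implicitLoginFails) { this.implicitLoginFails = implicitLoginFails; }

        /** Models the side effect from the report: asking for the current user logs in. */
        String getCurrentUser() {
            events.add("implicit login");
            if (implicitLoginFails) throw new IllegalStateException("implicit login failed");
            return "os-user";
        }

        boolean hasKerberosCredentials(String user) { return false; }
    }

    // Ordering from the report: the current user is resolved before the principal check.
    static boolean isLoginPossibleBefore(FakeUgi ugi, String principal) {
        String user = ugi.getCurrentUser();
        if (principal != null) return true;
        return ugi.hasKerberosCredentials(user);
    }

    // Assumed reordering: with a keytab principal configured, the current user is never touched.
    static boolean isLoginPossibleReordered(FakeUgi ugi, String principal) {
        if (principal != null) return true;
        return ugi.hasKerberosCredentials(ugi.getCurrentUser());
    }

    public static void main(String[] args) {
        String principal = "flink/host@EXAMPLE.COM"; // constructed sample value
        FakeUgi a = new FakeUgi(true);
        try {
            isLoginPossibleBefore(a, principal);
        } catch (IllegalStateException e) {
            System.out.println("before: " + e.getMessage() + " " + a.events);
        }
        FakeUgi b = new FakeUgi(true);
        System.out.println("reordered: " + isLoginPossibleReordered(b, principal) + " " + b.events);
    }
}
```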