[ https://issues.apache.org/jira/browse/HDFS-4542?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13590964#comment-13590964 ]
Alejandro Abdelnur commented on HDFS-4542: ------------------------------------------ the doAs user should be the current user, not the real user, no? the real user is the user with proxyuser privilege > Webhdfs doesn't support secure proxy users > ------------------------------------------ > > Key: HDFS-4542 > URL: https://issues.apache.org/jira/browse/HDFS-4542 > Project: Hadoop HDFS > Issue Type: Bug > Components: webhdfs > Affects Versions: 0.23.0, 2.0.0-alpha, 3.0.0 > Reporter: Daryn Sharp > Assignee: Daryn Sharp > Priority: Blocker > Attachments: HDFS-4542.patch > > > Webhdfs doesn't ever send the {{DoAsParam}} in the REST calls for proxy > users. Proxy users on a non-secure cluster "work" because the server sees > them as the effective user, not a proxy user, which effectively bypasses the > proxy authorization checks. On secure clusters, it doesn't work at all in > part due to wrong ugi being used for the connection (HDFS-3367), but then it > fails because the effective user tries to use a non-proxy token for the real > user. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira