[jira] [Created] (FLINK-31109) Fails with proxy user not supported even when security.kerberos.fetch.delegation-token is set to false

Thu, 16 Feb 2023 13:24:06 -0800 

Venkata krishnan Sowrirajan created FLINK-31109:
---------------------------------------------------

             Summary: Fails with proxy user not supported even when 
security.kerberos.fetch.delegation-token is set to false
                 Key: FLINK-31109
                 URL: https://issues.apache.org/jira/browse/FLINK-31109
             Project: Flink
          Issue Type: Bug
            Reporter: Venkata krishnan Sowrirajan


With
{code:java}
security.kerberos.fetch.delegation-token: false
{code}
and delegation tokens obtained through our internal service which sets both 
HADOOP_TOKEN_FILE_LOCATION to pick up the DTs and also sets the 
HADOOP_PROXY_USER which fails with the below error
{code:java}
SLF4J: Class path contains multiple SLF4J bindings.
SLF4J: Found binding in 
[jar:file:/export/home/vsowrira/flink-1.18-SNAPSHOT/lib/log4j-slf4j-impl-2.17.1.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: Found binding in 
[jar:file:/export/apps/hadoop/hadoop-bin_2100503/share/hadoop/common/lib/slf4j-log4j12-1.7.25.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
SLF4J: Actual binding is of type [org.apache.logging.slf4j.Log4jLoggerFactory]
org.apache.flink.runtime.security.modules.SecurityModule$SecurityInstallException:
 Unable to set the Hadoop login user
        at 
org.apache.flink.runtime.security.modules.HadoopModule.install(HadoopModule.java:106)
        at 
org.apache.flink.runtime.security.SecurityUtils.installModules(SecurityUtils.java:76)
        at 
org.apache.flink.runtime.security.SecurityUtils.install(SecurityUtils.java:57)
        at 
org.apache.flink.client.cli.CliFrontend.mainInternal(CliFrontend.java:1188)
        at org.apache.flink.client.cli.CliFrontend.main(CliFrontend.java:1157)
Caused by: java.lang.UnsupportedOperationException: Proxy user is not supported
        at 
org.apache.flink.runtime.security.token.hadoop.KerberosLoginProvider.throwProxyUserNotSupported(KerberosLoginProvider.java:137)
        at 
org.apache.flink.runtime.security.token.hadoop.KerberosLoginProvider.isLoginPossible(KerberosLoginProvider.java:81)
        at 
org.apache.flink.runtime.security.modules.HadoopModule.install(HadoopModule.java:73)
        ... 4 more
{code}

This seems to have gotten changed after 
[480e6edf|https://github.com/apache/flink/commit/] 
([FLINK-28330][runtime][security] Remove old delegation token framework code)



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to