[ 
https://issues.apache.org/jira/browse/SPARK-34497?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Gabor Somogyi updated SPARK-34497:
----------------------------------
    Description: 
Some of the built-in JDBC connection providers are changing the JVM security 
context to do the authentication which is fine. The problematic part is that 
executors can be reused by another query. The following situation leads to 
incorrect behaviour:
 * Query1 opens JDBC connection and changes JVM security context in Executor1
 * Query2 tries to open JDBC connection but it realizes there is already an 
entry for that DB type in Executor1
 * Query2 is not changing JVM security context and uses Query1 keytab and 
principal
 * Query2 fails with authentication error

> JDBC connection provider is not removing kerberos credentials from JVM 
> security context
> ---------------------------------------------------------------------------------------
>
>                 Key: SPARK-34497
>                 URL: https://issues.apache.org/jira/browse/SPARK-34497
>             Project: Spark
>          Issue Type: Bug
>          Components: SQL
>    Affects Versions: 3.0.2, 3.2.0, 3.1.2
>            Reporter: Gabor Somogyi
>            Priority: Major
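
The sequence in the description can be reproduced without a KDC. The following is an added example, not Spark's code or the project's patch. It assumes the "JVM security context" is the process-wide JAAS `Configuration`; the entry name, principals and keytab paths are constructed, and the JDBC connect is replaced by reading back which principal a login would use. `connectScoped` is one way to remove the credentials after use, as the issue title asks.

```java
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;

public class SharedJaasEntryDemo {
    static final String DB_ENTRY = "ExampleDbClient"; // hypothetical per-DB-type entry name
    // JVM-wide configuration that answers for DB_ENTRY and delegates everything else.
    static Configuration overlay(Configuration parent, String keytab, String principal) {
        return new Configuration() {
            @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                if (!DB_ENTRY.equals(name)) return parent.getAppConfigurationEntry(name);
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                    "com.sun.security.auth.module.Krb5LoginModule", LoginModuleControlFlag.REQUIRED,
                    Map.of("useKeyTab", "true", "keyTab", keytab, "principal", principal)) };
            }
        };
    }
    // Principal a driver login would pick up right now from the JVM-wide configuration.
    static String effectivePrincipal() {
        AppConfigurationEntry[] e = Configuration.getConfiguration().getAppConfigurationEntry(DB_ENTRY);
        return e == null ? null : (String) e[0].getOptions().get("principal");
    }
    // Behaviour described in the issue: install only when no entry exists, never remove it.
    static String connectLeaky(String keytab, String principal) {
        Configuration current = Configuration.getConfiguration();
        if (current.getAppConfigurationEntry(DB_ENTRY) == null)
            Configuration.setConfiguration(overlay(current, keytab, principal));
        return effectivePrincipal(); // stand-in for the actual JDBC connect
    }
    // Scoped variant: install under a lock, connect, then restore the previous configuration.
    static synchronized String connectScoped(String keytab, String principal) {
        Configuration previous = Configuration.getConfiguration();
        Configuration.setConfiguration(overlay(previous, keytab, principal));
        try { return effectivePrincipal(); } finally { Configuration.setConfiguration(previous); }
    }
    public static void main(String[] args) {
        Configuration empty = new Configuration() { // baseline with no entries
            @Override public AppConfigurationEntry[] getAppConfigurationEntry(String n) { return null; }
        };
        for (boolean scoped : new boolean[] {false, true}) {
            Configuration.setConfiguration(empty);
            for (String q : new String[] {"q1", "q2"}) { // constructed principals and keytab paths
                String kt = "/constructed/" + q + ".keytab", p = q + "@EXAMPLE.COM";
                System.out.println((scoped ? "scoped " : "leaky ") + p + " authenticates as "
                    + (scoped ? connectScoped(kt, p) : connectLeaky(kt, p)));
            }
        }
    }
}
```

In the leaky run the second query resolves to the first query's principal; in the scoped run each query resolves to its own.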


