[ https://issues.apache.org/jira/browse/ACCUMULO-3568?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14314771#comment-14314771 ]
Josh Elser commented on ACCUMULO-3568: -------------------------------------- It looks like the implementation {{du}} is actually issuing an RPC as the Accumulo server instead of the client. This transparently passes w/o Kerberos because there's no verification that the user is who they say they are (although it would fail if they couldn't read accumulo-site.xml). {{TableOperationsImpl.getDiskUsage}} shouldn't be using {{ServerClient}} regardless of whether we are running with kerberos or not. > du fails due to principal mismatch > ---------------------------------- > > Key: ACCUMULO-3568 > URL: https://issues.apache.org/jira/browse/ACCUMULO-3568 > Project: Accumulo > Issue Type: Bug > Components: shell > Environment: kerberos > Reporter: Josh Elser > Assignee: Josh Elser > Priority: Critical > Fix For: 1.7.0 > > > For some reason, the credentials used in the shell to execute a {{du}} with > the system user's instead of the shell user's. > The server caught the mismatch in the principals (at the RPC level and the > Accumulo Credentials object) and prevented the RPC, but need to figure out > why this shell command is doing things differently than all of the rest. -- This message was sent by Atlassian JIRA (v6.3.4#6332)