[ https://issues.apache.org/jira/browse/ACCUMULO-3568?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14315121#comment-14315121 ]
Josh Elser commented on ACCUMULO-3568: -------------------------------------- Finally tracked down some more information: {panel:title=TabletServer.log} {noformat} 2015-02-10 17:46:51,081 [rpc.UGIAssumingProcessor] [ClientPool 180] TRACE: Setting remoteUser=jel...@example.com 2015-02-10 17:46:51,082 [rpc.TCredentialsUpdatingInvocationHandler] [ClientPool 180] TRACE: Principal from RPC=jel...@example.com, args=[[ci], TCredentials(principal:jel...@example.com, tokenClassName:org.apache.accumulo.core.client.security.tokens.KerberosToken, token:00 00 00 01, instanceId:6d25daec-07ac-4885-b7a1-4e95c89072b1)] 2015-02-10 17:46:51,086 [rpc.UGIAssumingProcessor] [ClientPool 181] TRACE: Setting remoteUser=accumulo/hostn...@example.com 2015-02-10 17:46:51,086 [rpc.TCredentialsUpdatingInvocationHandler] [ClientPool 181] TRACE: Principal from RPC=accumulo/hostn...@example.com, args=[TInfo(traceId:0, parentId:0), TCredentials(principal:jel...@example.com, tokenClassName:org.apache.accumulo.core.client.security.tokens.KerberosToken, token:00 00 00 01, instanceId:6d25daec-07ac-4885-b7a1-4e95c89072b1)] 2015-02-10 17:46:51,086 [rpc.TCredentialsUpdatingInvocationHandler] [ClientPool 181] WARN : Principal in credentials object should match kerberos principal. Expected 'accumulo/hostn...@example.com' but was 'jel...@example.com' {noformat} {panel} The first RPC (as myself in the principal) is for the table existence check done in {{DUCommand}}. The 2nd call is the problematic one, where the wrong principal is being extracted from the RPC transport. Still unsure about how that is happening. > du shell command uses ServerClient incorrectly > ---------------------------------------------- > > Key: ACCUMULO-3568 > URL: https://issues.apache.org/jira/browse/ACCUMULO-3568 > Project: Accumulo > Issue Type: Bug > Components: shell > Environment: kerberos > Reporter: Josh Elser > Assignee: Josh Elser > Priority: Critical > Fix For: 1.7.0 > > > {{TableOperationsImpl.getDiskUsage}} uses the {{ServerClient}} class which is > meant for Accumulo services to use to communicate with each other. This > results in the authentication performed for this method being performed > (incorrectly) as the system instead of the client. -- This message was sent by Atlassian JIRA (v6.3.4#6332)