[ https://issues.apache.org/jira/browse/ACCUMULO-3568?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14315121#comment-14315121 ]

Josh Elser commented on ACCUMULO-3568:
--------------------------------------

Finally tracked down some more information:

{panel:title=TabletServer.log}
{noformat}
2015-02-10 17:46:51,081 [rpc.UGIAssumingProcessor] [ClientPool 180] TRACE: 
Setting remoteUser=jel...@example.com
2015-02-10 17:46:51,082 [rpc.TCredentialsUpdatingInvocationHandler] [ClientPool 
180] TRACE: Principal from RPC=jel...@example.com, args=[[ci], 
TCredentials(principal:jel...@example.com, 
tokenClassName:org.apache.accumulo.core.client.security.tokens.KerberosToken, 
token:00 00 00 01, instanceId:6d25daec-07ac-4885-b7a1-4e95c89072b1)]
2015-02-10 17:46:51,086 [rpc.UGIAssumingProcessor] [ClientPool 181] TRACE: 
Setting remoteUser=accumulo/hostn...@example.com
2015-02-10 17:46:51,086 [rpc.TCredentialsUpdatingInvocationHandler] [ClientPool 
181] TRACE: Principal from RPC=accumulo/hostn...@example.com, 
args=[TInfo(traceId:0, parentId:0), TCredentials(principal:jel...@example.com, 
tokenClassName:org.apache.accumulo.core.client.security.tokens.KerberosToken, 
token:00 00 00 01, instanceId:6d25daec-07ac-4885-b7a1-4e95c89072b1)]
2015-02-10 17:46:51,086 [rpc.TCredentialsUpdatingInvocationHandler] [ClientPool 
181] WARN : Principal in credentials object should match kerberos principal. 
Expected 'accumulo/hostn...@example.com' but was 'jel...@example.com'
{noformat}
{panel}

The first RPC (as myself in the principal) is for the table existence check 
done in {{DUCommand}}. The 2nd call is the problematic one, where the wrong 
principal is being extracted from the RPC transport. Still unsure about how 
that is happening.

> du shell command uses ServerClient incorrectly
> ----------------------------------------------
>
>                 Key: ACCUMULO-3568
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-3568
>             Project: Accumulo
>          Issue Type: Bug
>          Components: shell
>         Environment: kerberos
>            Reporter: Josh Elser
>            Assignee: Josh Elser
>            Priority: Critical
>             Fix For: 1.7.0
>
>
> {{TableOperationsImpl.getDiskUsage}} uses the {{ServerClient}} class which is 
> meant for Accumulo services to use to communicate with each other. This 
> results in the authentication performed for this method being performed 
> (incorrectly) as the system instead of the client.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
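
An added example, not part of the JIRA comment or Accumulo's own code: the comparison behind the WARN line in the log excerpt, applied offline to TRACE records of the same format, so that every RPC whose Kerberos-authenticated principal differs from the principal carried in `TCredentials` is listed. The sample log is constructed and abbreviated (principals, host name and token fields are made up), and the function names are hypothetical.

```python
import re

# A new record starts with a timestamp; other lines are wrapped continuations.
TS = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} ")
# Field layout follows the TRACE lines in the TabletServer.log excerpt.
RECORD = re.compile(
    r"^(?P<ts>\S+ \S+) \[rpc\.TCredentialsUpdatingInvocationHandler\] "
    r"\[(?P<thread>[^\]]+)\] TRACE: Principal from RPC=(?P<rpc>[^,\s]+), "
    r"args=.*?TCredentials\(principal:(?P<cred>[^,\s]+),"
)

# Constructed sample, hard-wrapped the way a mail archive wraps log lines.
SAMPLE = """\
2015-02-10 17:46:51,082 [rpc.TCredentialsUpdatingInvocationHandler] [ClientPool
180] TRACE: Principal from RPC=alice@EXAMPLE.COM, args=[[ci],
TCredentials(principal:alice@EXAMPLE.COM, token:00 00 00 01)]
2015-02-10 17:46:51,086 [rpc.TCredentialsUpdatingInvocationHandler] [ClientPool
181] TRACE: Principal from RPC=accumulo/host1.example.com@EXAMPLE.COM,
args=[TInfo(traceId:0, parentId:0), TCredentials(principal:alice@EXAMPLE.COM,
token:00 00 00 01)]
"""

def join_wrapped(text):
    """Fold continuation lines back onto the record they belong to."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if TS.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def find_mismatches(text):
    """Return RPCs whose authenticated principal differs from TCredentials."""
    hits = []
    for rec in join_wrapped(text):
        m = RECORD.match(rec)
        if m and m["rpc"] != m["cred"]:
            hits.append({
                "time": m["ts"], "thread": m["thread"],
                "authenticated": m["rpc"], "claimed": m["cred"],
                # primary/instance@REALM is the shape of a service principal
                "authenticated_is_service": "/" in m["rpc"].split("@")[0],
            })
    return hits

if __name__ == "__main__":
    for hit in find_mismatches(SAMPLE):
        print(hit)
```

A hit with `authenticated_is_service` set matches the pattern in this issue: the call was authenticated as the server's own principal while the credentials object named the client.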
