[ https://issues.apache.org/jira/browse/ACCUMULO-3568?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14315304#comment-14315304 ]
Josh Elser commented on ACCUMULO-3568: -------------------------------------- After much cursing, finally figured it out. The problem was not the client doing something bad, but the server *using* the clients credentials instead of its own. {code} @Override public List<TDiskUsage> getDiskUsage(Set<String> tables, TCredentials credentials) throws ThriftTableOperationException, ThriftSecurityException, TException { try { final Credentials creds = Credentials.fromThrift(credentials); Connector conn = instance.getConnector(creds.getPrincipal(), creds.getToken()); {code} That explains why I couldn't figure out what was seemingly different on the client side -- it was nothing. The server should be using its own connector and enforcing proper permissions to keep users from {{du}}'ing tables which they have no access to. > du shell command uses ServerClient incorrectly > ---------------------------------------------- > > Key: ACCUMULO-3568 > URL: https://issues.apache.org/jira/browse/ACCUMULO-3568 > Project: Accumulo > Issue Type: Bug > Components: shell > Environment: kerberos > Reporter: Josh Elser > Assignee: Josh Elser > Priority: Critical > Fix For: 1.7.0 > > > {{TableOperationsImpl.getDiskUsage}} uses the {{ServerClient}} class which is > meant for Accumulo services to use to communicate with each other. This > results in the authentication performed for this method being performed > (incorrectly) as the system instead of the client. -- This message was sent by Atlassian JIRA (v6.3.4#6332)