[
https://issues.apache.org/jira/browse/ACCUMULO-3568?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Josh Elser updated ACCUMULO-3568:
---------------------------------
Component/s: (was: shell)
tserver
> getDiskUsage server implementation recreates Connector from user credentials
> ----------------------------------------------------------------------------
>
> Key: ACCUMULO-3568
> URL: https://issues.apache.org/jira/browse/ACCUMULO-3568
> Project: Accumulo
> Issue Type: Bug
> Components: tserver
> Environment: kerberos
> Reporter: Josh Elser
> Assignee: Josh Elser
> Priority: Critical
> Fix For: 1.7.0
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> The server-side impl for {{TableOperationsImpl.getDiskUsage}} pulls the
> credentials from the RPC and makes a {{Connector}} from them instead of using
> its own credentials. With Kerberos enabled, this results in the server
> "accumulo/hostname@REALM" trying to act as "user@REALM" which (correctly)
> fails.
> The getDiskUsage implementation should use its own Connector (using the
> SystemToken from the ServerContext), perform the correct security checks for
> permissions and act on behalf of the user instead of trying to *be* the user.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
