Hi,

I am using UserGroupInformation.doAs(...) in order to launch a job
programmatically from a remote application.
I was wondering: what is the expected behavior of nested
UserGroupInformation?

Is it the same as with JAAS? Which is, if I am not mistaken, the last inner
'subject' is used?
If that's the case, UserGroupInformation cannot be used to enforce that a
given code will be executed with the provided user, as the action might
nest an inner call with its own user.
That might be a security threat if there is no authentication (like
Kerberos).

Can someone confirm or refute that?

Regards

Bertrand
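
Added example, not part of the original message and not code from the Hadoop project: a small Java program that reports which user `UserGroupInformation.getCurrentUser()` returns at each level of a nested `doAs`, so the behavior asked about can be checked directly. It assumes hadoop-common on the classpath, a JDK supported by that Hadoop release, and default (non-Kerberos) configuration; the class name and the user names "alice" and "bob" are constructed for illustration.

```java
import java.security.PrivilegedExceptionAction;
import org.apache.hadoop.security.UserGroupInformation;

// Illustration only. "alice" and "bob" are constructed user names.
public class NestedDoAsDemo {

    // The user name that Hadoop client code would pick up at this point
    // in the call stack (getCurrentUser() reads the JAAS Subject bound
    // to the current access control context).
    static String effectiveUser() throws Exception {
        return UserGroupInformation.getCurrentUser().getUserName();
    }

    public static void main(String[] args) throws Exception {
        // With simple authentication these identities are only asserted
        // by the caller; nothing verifies them.
        UserGroupInformation outer = UserGroupInformation.createRemoteUser("alice");
        UserGroupInformation inner = UserGroupInformation.createRemoteUser("bob");

        // The cast selects the PrivilegedExceptionAction overload of doAs.
        outer.doAs((PrivilegedExceptionAction<Void>) () -> {
            System.out.println("outer action, before nesting: " + effectiveUser());

            // The action itself opens a second doAs with a different UGI,
            // which is the situation the question describes.
            inner.doAs((PrivilegedExceptionAction<Void>) () -> {
                System.out.println("inner action:                 " + effectiveUser());
                return null;
            });

            // Back in the outer action once the inner doAs has returned.
            System.out.println("outer action, after nesting:  " + effectiveUser());
            return null;
        });
    }
}
```

Comparing the three printed names shows whether the outer `doAs` constrains what the action can run as, or whether the action can rebind the subject for its own calls.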
