HADOOP-14029. Fix KMSClientProvider for non-secure proxyuser use case. Contributed by Xiaoyu Yao.
This commit is contained in:
parent
7bc333ad41
commit
2034315763
@ -1096,13 +1096,14 @@ private UserGroupInformation getActualUgi() throws IOException {
|
||||
// Use real user for proxy user
|
||||
actualUgi = currentUgi.getRealUser();
|
||||
}
|
||||
|
||||
if (!containsKmsDt(actualUgi) &&
|
||||
if (UserGroupInformation.isSecurityEnabled() &&
|
||||
!containsKmsDt(actualUgi) &&
|
||||
!actualUgi.hasKerberosCredentials()) {
|
||||
// Use login user for user that does not have either
|
||||
// Use login user is only necessary when Kerberos is enabled
|
||||
// but the actual user does not have either
|
||||
// Kerberos credential or KMS delegation token for KMS operations
|
||||
LOG.debug("using loginUser no KMS Delegation Token "
|
||||
+ "no Kerberos Credentials");
|
||||
LOG.debug("Using loginUser when Kerberos is enabled but the actual user" +
|
||||
" does not have either KMS Delegation Token or Kerberos Credentials");
|
||||
actualUgi = UserGroupInformation.getLoginUser();
|
||||
}
|
||||
return actualUgi;
|
||||
|
@ -2419,7 +2419,11 @@ public Void run() throws Exception {
|
||||
|
||||
public void doWebHDFSProxyUserTest(final boolean kerberos) throws Exception {
|
||||
Configuration conf = new Configuration();
|
||||
conf.set("hadoop.security.authentication", "kerberos");
|
||||
if (kerberos) {
|
||||
conf.set("hadoop.security.authentication", "kerberos");
|
||||
}
|
||||
UserGroupInformation.setConfiguration(conf);
|
||||
|
||||
final File testDir = getTestDir();
|
||||
conf = createBaseKMSConf(testDir, conf);
|
||||
if (kerberos) {
|
||||
|
Loading…
Reference in New Issue
Block a user