HDFS-14668 Support Fuse with Users from multiple Security Realms (#1739)
This commit is contained in:
parent
2059f255d3
commit
57aa048516
@ -476,7 +476,6 @@ static int fuseNewConnect(const char *usrname, struct fuse_context *ctx,
|
|||||||
if (gPort) {
|
if (gPort) {
|
||||||
hdfsBuilderSetNameNodePort(bld, gPort);
|
hdfsBuilderSetNameNodePort(bld, gPort);
|
||||||
}
|
}
|
||||||
hdfsBuilderSetUserName(bld, usrname);
|
|
||||||
if (gHdfsAuthConf == AUTH_CONF_KERBEROS) {
|
if (gHdfsAuthConf == AUTH_CONF_KERBEROS) {
|
||||||
findKerbTicketCachePath(ctx, kpath, sizeof(kpath));
|
findKerbTicketCachePath(ctx, kpath, sizeof(kpath));
|
||||||
if (stat(kpath, &st) < 0) {
|
if (stat(kpath, &st) < 0) {
|
||||||
@ -495,6 +494,17 @@ static int fuseNewConnect(const char *usrname, struct fuse_context *ctx,
|
|||||||
ret = -ENOMEM;
|
ret = -ENOMEM;
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
// earlier the username was set to the builder always, but due to
|
||||||
|
// HADOOP-9747 if we specify the username in case of kerberos authentication
|
||||||
|
// the username will be used as the principal name, and that will conflict
|
||||||
|
// with ticket cache based authentication as we have the OS user name here
|
||||||
|
// not the real kerberos principal name. So with SIMPLE auth we pass on the
|
||||||
|
// OS username still, and the UGI will use that as the username, but with
|
||||||
|
// kerberos authentication we do not pass in the OS username and let the
|
||||||
|
// authentication happen with the principal who's ticket is in the ticket
|
||||||
|
// cache. (HDFS-15034 is still a possible improvement for SIMPLE AUTH.)
|
||||||
|
hdfsBuilderSetUserName(bld, usrname);
|
||||||
}
|
}
|
||||||
conn->usrname = strdup(usrname);
|
conn->usrname = strdup(usrname);
|
||||||
if (!conn->usrname) {
|
if (!conn->usrname) {
|
||||||
|
Loading…
Reference in New Issue
Block a user