Daryn Sharp created HADOOP-9317: ----------------------------------- Summary: User cannot specify a kerberos keytab for commands Key: HADOOP-9317 URL: https://issues.apache.org/jira/browse/HADOOP-9317 Project: Hadoop Common Issue Type: Bug Components: security Affects Versions: 2.0.0-alpha, 0.23.0, 3.0.0 Reporter: Daryn Sharp Assignee: Daryn Sharp Priority: Critical
{{UserGroupInformation}} only allows kerberos users to be logged in via the ticket cache when running hadoop commands. {{UGI}} allows a keytab to be used, but it's only exposed programatically. This forces keytab-based users running hadoop commands to periodically issue a kinit from the keytab. A race condition exists during the kinit when the ticket cache is deleted and re-created. Hadoop commands will fail when the ticket cache does not momentarily exist. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira