[jira] [Created] (HDFS-3367) WebHDFS doesn't use the logged in user when opening connections

Thu, 03 May 2012 18:23:18 -0700 

Jakob Homan created HDFS-3367:
---------------------------------

             Summary: WebHDFS doesn't use the logged in user when opening 
connections
                 Key: HDFS-3367
                 URL: https://issues.apache.org/jira/browse/HDFS-3367
             Project: Hadoop HDFS
          Issue Type: Bug
    Affects Versions: 1.0.2
            Reporter: Jakob Homan


Something along the lines of
{noformat}
UserGroupInformation.loginUserFromKeytab(<blah blah>)
Filesystem fs = FileSystem.get(new URI("webhdfs://blah"), conf)
{noformat}
doesn't work as webhdfs doesn't use the correct context and the user shows up 
to the spnego filter without kerberos credentials:
{noformat}Exception in thread "main" java.io.IOException: Authentication 
failed, url=http://<NN>:50070/webhdfs/v1/?op=GETDELEGATIONTOKEN&user.name=<USER>
        at 
org.apache.hadoop.hdfs.web.WebHdfsFileSystem.getHttpUrlConnection(WebHdfsFileSystem.java:337)
        at 
org.apache.hadoop.hdfs.web.WebHdfsFileSystem.httpConnect(WebHdfsFileSystem.java:347)
        at 
org.apache.hadoop.hdfs.web.WebHdfsFileSystem.run(WebHdfsFileSystem.java:403)
        at 
org.apache.hadoop.hdfs.web.WebHdfsFileSystem.getDelegationToken(WebHdfsFileSystem.java:675)
        at 
org.apache.hadoop.hdfs.web.WebHdfsFileSystem.initDelegationToken(WebHdfsFileSystem.java:176)
        at 
org.apache.hadoop.hdfs.web.WebHdfsFileSystem.initialize(WebHdfsFileSystem.java:160)
        at 
org.apache.hadoop.fs.FileSystem.createFileSystem(FileSystem.java:1386)
...
Caused by: 
org.apache.hadoop.security.authentication.client.AuthenticationException: 
GSSException: No valid credentials provided (Mechanism level: Failed to find 
any Kerberos tgt)
        at 
org.apache.hadoop.security.authentication.client.KerberosAuthenticator.doSpnegoSequence(KerberosAuthenticator.java:232)
        at 
org.apache.hadoop.security.authentication.client.KerberosAuthenticator.authenticate(KerberosAuthenticator.java:141)
        at 
org.apache.hadoop.security.authentication.client.AuthenticatedURL.openConnection(AuthenticatedURL.java:217)
        at 
org.apache.hadoop.hdfs.web.WebHdfsFileSystem.getHttpUrlConnection(WebHdfsFileSystem.java:332)
        ... 16 more
Caused by: GSSException: No valid credentials provided (Mechanism level: Failed 
to find any Kerberos tgt)
        at 
sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:130)
...{noformat}
Explicitly getting the current user's context via a doAs block works, but this 
should be done by webhdfs. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to