[
https://issues.apache.org/jira/browse/KUDU-2379?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16416470#comment-16416470
]
Todd Lipcon commented on KUDU-2379:
-----------------------------------
Committed on master, waiting on https://gerrit.cloudera.org/c/9832 for the
cherry-pick to branch-1.7.x
> Spark generates a broken authentication credentials PB
> ------------------------------------------------------
>
> Key: KUDU-2379
> URL: https://issues.apache.org/jira/browse/KUDU-2379
> Project: Kudu
> Issue Type: Bug
> Components: java, spark
> Affects Versions: 1.7.0
> Reporter: Todd Lipcon
> Assignee: Todd Lipcon
> Priority: Blocker
>
> KUDU-2259 introduced a regression which causes Spark to not work properly on
> secure clusters. The issue is the following:
> - the driver calls exportAuthenticationCredentials()
> -- the client hasn't yet talked to the master, so it doesn't have any
> credentials yet, despite having a keytab available
> -- the code is as follows:
> {code}
> byte[] authnData = securityContext.exportAuthenticationCredentials();
> if (authnData != null) {
> return Deferred.fromResult(authnData);
> }
> {code}
> -- previously, authnData would be null in this case, and it would fall
> through to connect to the cluster and then export a proper token.
> -- with the new implementation, an authnData is returned which is devoid of
> real credentials but contains a realUser. So, it's non-null, and it gets
> returned immediately
> - the tasks then get credentials with no tokens and can't connect
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
