Home | About | Sematext search-lucene.com search-hadoop.com
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB
 Search Hadoop and all its subprojects:

Switch to Threaded View
MapReduce >> mail # user >> Expected behavior of nested UserGroupInformation


Copy link to this message
-
Expected behavior of nested UserGroupInformation
Hi,

I am using UserGroupInformation.doAs(...) in order to launch a job
programmatically from a remote application.
I was wondering : what is the expected behavior of nested
UserGroupInformation?

Is it the same as with Jaas? Which is, if I am not mistaken, the last inner
'subject' is used?
If that's the case, UserGroupInformation can not be used to enforce that a
given code will be executed with the provided user, as the action might
nest a inner call with its own user.
That might be a security threat if there is not authentication (like
Kerberos).

Can someone confirm/infirm that?

Regards

Bertrand
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB