From b5022b0515b5c026659e94c69221a281804dcfe9 Mon Sep 17 00:00:00 2001
From: Istvan Fajth
Date: Thu, 27 Feb 2020 16:48:15 +0100
Subject: [PATCH] HDFS-14668 Support Fuse with Users from multiple Security Realms (#1739)

(cherry picked from commit 57aa048516f5c5fe02441d213b52ce1bbeddf823)
(cherry picked from commit e42ac486e7eecb6a24ac95f1ceaf61d24060adef)
---
 .../src/main/native/fuse-dfs/fuse_connect.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/hadoop-hdfs-project/hadoop-hdfs-native-client/src/main/native/fuse-dfs/fuse_connect.c b/hadoop-hdfs-project/hadoop-hdfs-native-client/src/main/native/fuse-dfs/fuse_connect.c
index 6ee4ad5130e..9bf526f8ac9 100644
--- a/hadoop-hdfs-project/hadoop-hdfs-native-client/src/main/native/fuse-dfs/fuse_connect.c
+++ b/hadoop-hdfs-project/hadoop-hdfs-native-client/src/main/native/fuse-dfs/fuse_connect.c
@@ -472,7 +472,6 @@ static int fuseNewConnect(const char *usrname, struct fuse_context *ctx,
 if (gPort) {
 hdfsBuilderSetNameNodePort(bld, gPort);
 }
- hdfsBuilderSetUserName(bld, usrname);
 if (gHdfsAuthConf == AUTH_CONF_KERBEROS) {
 findKerbTicketCachePath(ctx, kpath, sizeof(kpath));
 if (stat(kpath, &st) < 0) {
@@ -491,6 +490,17 @@ static int fuseNewConnect(const char *usrname, struct fuse_context *ctx,
 ret = -ENOMEM;
 goto error;
 }
+ } else {
+ // earlier the username was set to the builder always, but due to
+ // HADOOP-9747 if we specify the username in case of kerberos authentication
+ // the username will be used as the principal name, and that will conflict
+ // with ticket cache based authentication as we have the OS user name here
+ // not the real kerberos principal name. So with SIMPLE auth we pass on the
+ // OS username still, and the UGI will use that as the username, but with
+ // kerberos authentication we do not pass in the OS username and let the
+ // authentication happen with the principal who's ticket is in the ticket
+ // cache. (HDFS-15034 is still a possible improvement for SIMPLE AUTH.)
+ hdfsBuilderSetUserName(bld, usrname);
 }
 conn->usrname = strdup(usrname);
 if (!conn->usrname) {
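Review bot: With the user name no longer set in the Kerberos branch, the HDFS identity of the connection comes entirely from whatever ticket is stored at `kpath`, and the only check on that file visible in this patch is the existence test `stat(kpath, &st) < 0` in the first hunk. If the elided code between the two hunks does not already do so, and if the cache path can be influenced by the calling process (findKerbTicketCachePath is not shown here), the branch should also confirm that the cache belongs to the requesting user, e.g. `if (st.st_uid != ctx->uid) { ret = -EACCES; goto error; }`. Separately, `conn->usrname` still records the OS user name, so in Kerberos mode it may no longer match the principal the connection authenticates as; a short comment at the `strdup` saying so would keep later readers from treating that field as the HDFS identity. fuseNewConnect starts before and continues past this hunk.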