[
https://issues.apache.org/jira/browse/HADOOP-13066?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15262581#comment-15262581
]
Chris Nauroth commented on HADOOP-13066:
----------------------------------------
Hello [~sershe].
bq. I think the simplest way to fix would be to have login method also return
the UGI
Have you seen {{UserGroupInformation#loginUserFromKeytabAndReturnUGI}}? If the
application was changed to call that, then you could execute code within a
{{doAs}} block on the returned UGI instance. In your example, each thread
would operate on a different UGI instance. This method does not alter the
process-global logged-in user.
{code}
/**
* Log a user in from a keytab file. Loads a user identity from a keytab
* file and login them in. This new user does not affect the currently
* logged-in user.
* @param user the principal name to load from the keytab
* @param path the path to the keytab file
* @throws IOException if the keytab file can't be read
*/
public synchronized
static UserGroupInformation loginUserFromKeytabAndReturnUGI(String user,
String path
) throws IOException {
{code}
> UserGroupInformation.loginWithKerberos/getLoginUser is not thread-safe
> ----------------------------------------------------------------------
>
> Key: HADOOP-13066
> URL: https://issues.apache.org/jira/browse/HADOOP-13066
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Reporter: Sergey Shelukhin
>
> When calling loginFromKerberos, a static variable is set up with the result.
> If someone logs in as a different user from a different thread, the call to
> getLoginUser will not return the correct UGI.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
