Details
Bug
Status: Closed
Blocker
Resolution: Fixed
1.17.0
Description
With
security.kerberos.fetch.delegation-token: false
and delegation tokens obtained through our internal service, which sets both HADOOP_TOKEN_FILE_LOCATION (to pick up the DTs) and HADOOP_PROXY_USER, this fails with the error below:
SLF4J: Class path contains multiple SLF4J bindings.
SLF4J: Found binding in [jar:file:/export/home/vsowrira/flink-1.18-SNAPSHOT/lib/log4j-slf4j-impl-2.17.1.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: Found binding in [jar:file:/export/apps/hadoop/hadoop-bin_2100503/share/hadoop/common/lib/slf4j-log4j12-1.7.25.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
SLF4J: Actual binding is of type [org.apache.logging.slf4j.Log4jLoggerFactory]
org.apache.flink.runtime.security.modules.SecurityModule$SecurityInstallException: Unable to set the Hadoop login user
    at org.apache.flink.runtime.security.modules.HadoopModule.install(HadoopModule.java:106)
    at org.apache.flink.runtime.security.SecurityUtils.installModules(SecurityUtils.java:76)
    at org.apache.flink.runtime.security.SecurityUtils.install(SecurityUtils.java:57)
    at org.apache.flink.client.cli.CliFrontend.mainInternal(CliFrontend.java:1188)
    at org.apache.flink.client.cli.CliFrontend.main(CliFrontend.java:1157)
Caused by: java.lang.UnsupportedOperationException: Proxy user is not supported
    at org.apache.flink.runtime.security.token.hadoop.KerberosLoginProvider.throwProxyUserNotSupported(KerberosLoginProvider.java:137)
    at org.apache.flink.runtime.security.token.hadoop.KerberosLoginProvider.isLoginPossible(KerberosLoginProvider.java:81)
    at org.apache.flink.runtime.security.modules.HadoopModule.install(HadoopModule.java:73)
    ... 4 more
This seems to have gotten changed after 480e6edf (FLINK-28330[runtime][security] Remove old delegation token framework code)