diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UGIExceptionMessages.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UGIExceptionMessages.java index c4d30e509e3ca..27fdb083df852 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UGIExceptionMessages.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UGIExceptionMessages.java @@ -27,6 +27,7 @@ final class UGIExceptionMessages { public static final String FOR_USER = " for user: "; public static final String FOR_PRINCIPAL = " for principal: "; public static final String FROM_KEYTAB = " from keytab "; + public static final String INVALID_UID = "Invalid UID, could not determine effective user"; public static final String LOGIN_FAILURE = "Login failure"; public static final String LOGOUT_FAILURE = "Logout failure"; public static final String MUST_FIRST_LOGIN = diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java index 305e5e10af305..6525460d56180 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java @@ -2075,6 +2075,12 @@ private static UserGroupInformation doSubjectLogin( } return ugi; } catch (LoginException le) { + String msg = le.getMessage(); + if (msg != null && msg.contains("invalid null input")) { + // This error from the JDK indicates that the OS couldn't map the UID of this process to an + // actual user. Throw this as an IOException, because it's not related to Kerberos. + throw new IOException(INVALID_UID, le); + } KerberosAuthException kae = new KerberosAuthException(FAILURE_TO_LOGIN, le); if (params != null) {