hadoop-common-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From x...@apache.org
Subject hadoop git commit: Revert "HADOOP-13565. KerberosAuthenticationHandler#authenticate should not rebuild SPN based on client request. Contributed by Xiaoyu Yao."
Date Fri, 04 Nov 2016 23:35:04 GMT
Repository: hadoop
Updated Branches:
  refs/heads/trunk 6bb741ff0 -> 95665a6ee


Revert "HADOOP-13565. KerberosAuthenticationHandler#authenticate should not rebuild SPN based
on client request. Contributed by Xiaoyu Yao."

This reverts commit 9097e2efe4c92d83c8fab88dc11be84505a6cab5.


Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/95665a6e
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/95665a6e
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/95665a6e

Branch: refs/heads/trunk
Commit: 95665a6eea32ff7134ea556db4dd4ae068364fc0
Parents: 6bb741f
Author: Xiaoyu Yao <xyao@apache.org>
Authored: Fri Nov 4 16:02:47 2016 -0700
Committer: Xiaoyu Yao <xyao@apache.org>
Committed: Fri Nov 4 16:02:47 2016 -0700

----------------------------------------------------------------------
 .../authentication/server/KerberosAuthenticationHandler.java  | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hadoop/blob/95665a6e/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java
b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java
index 07c2a31..c6d1881 100644
--- a/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java
+++ b/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java
@@ -343,6 +343,8 @@ public class KerberosAuthenticationHandler implements AuthenticationHandler
{
       authorization = authorization.substring(KerberosAuthenticator.NEGOTIATE.length()).trim();
       final Base64 base64 = new Base64(0);
       final byte[] clientToken = base64.decode(authorization);
+      final String serverName = InetAddress.getByName(request.getServerName())
+                                           .getCanonicalHostName();
       try {
         token = Subject.doAs(serverSubject, new PrivilegedExceptionAction<AuthenticationToken>()
{
 
@@ -352,7 +354,10 @@ public class KerberosAuthenticationHandler implements AuthenticationHandler
{
             GSSContext gssContext = null;
             GSSCredential gssCreds = null;
             try {
-              gssCreds = gssManager.createCredential(null,
+              gssCreds = gssManager.createCredential(
+                  gssManager.createName(
+                      KerberosUtil.getServicePrincipal("HTTP", serverName),
+                      KerberosUtil.getOidInstance("NT_GSS_KRB5_PRINCIPAL")),
                   GSSCredential.INDEFINITE_LIFETIME,
                   new Oid[]{
                     KerberosUtil.getOidInstance("GSS_SPNEGO_MECH_OID"),


---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-commits-help@hadoop.apache.org


Mime
View raw message