hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eli Collins (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HADOOP-8554) KerberosAuthenticator should use the configured principal
Date Wed, 04 Jul 2012 02:30:36 GMT
Eli Collins created HADOOP-8554:

             Summary: KerberosAuthenticator should use the configured principal
                 Key: HADOOP-8554
                 URL: https://issues.apache.org/jira/browse/HADOOP-8554
             Project: Hadoop Common
          Issue Type: Bug
          Components: security
    Affects Versions: 1.0.0
            Reporter: Eli Collins

In KerberosAuthenticator we construct the principal as follows:

String servicePrincipal = "HTTP/" + KerberosAuthenticator.this.url.getHost();

Seems like we should use the configured hadoop.http.authentication.kerberos.principal instead

I hit this issue as a distcp using webhdfs://localhost fails because HTTP/localhost is not
in the kerb DB but using webhdfs://eli-thinkpad works because HTTP/eli-thinkpad is (and is
my configured principal). distcp using Hftp://localhost with the same config works so it looks
like this check is webhdfs specific for some reason (webhdfs is using spnego and hftp is not?).

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


View raw message