hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Wangwenli <wangwe...@huawei.com>
Subject regarding _HOST token replacement in security hadoop
Date Fri, 27 Jul 2012 01:11:11 GMT
Hi all,

   I configured like below in hdfs-site.xml:

<property>
  <name>dfs.namenode.kerberos.principal</name>
  <value>nn/_HOST@site</value>
</property>


<property>
    <name>dfs.web.authentication.kerberos.principal</name>
    <value>nn/_HOST@site</value>
</property>


   When  start up namenode, I found, namenode will use principal : nn/167-52-0-56@site to
login, but the http server will use nn/167-52-0-56.site@site<mailto:nn/167-52-0-56.site@site>
to lgin,  so it start failed.

I checked the code,

Namenode will use socAddr.getHostName() to get hostname in org.apache.hadoop.hdfs.server.namenode.NameNode.loginAsNameNodeUser.


But httpserver 's default hostname is 0.0.0.0, so in org.apache.hadoop.security.SecurityUtil.replacePattern,
it will get the hostname by invoking getLocalHostName,there it use getCanonicalHostName(),

I think this inconsistent is wrong,  can someone confirm this? Need raise one bug ? 

Thanks

Mime
View raw message