From common-dev-return-79305-apmail-hadoop-common-dev-archive=hadoop.apache.org@hadoop.apache.org  Fri Jul 27 01:22:54 2012
Return-Path: <common-dev-return-79305-apmail-hadoop-common-dev-archive=hadoop.apache.org@hadoop.apache.org>
X-Original-To: apmail-hadoop-common-dev-archive@www.apache.org
Delivered-To: apmail-hadoop-common-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 8D553CEA6
	for <apmail-hadoop-common-dev-archive@www.apache.org>; Fri, 27 Jul 2012 01:22:54 +0000 (UTC)
Received: (qmail 91588 invoked by uid 500); 27 Jul 2012 01:22:52 -0000
Delivered-To: apmail-hadoop-common-dev-archive@hadoop.apache.org
Received: (qmail 91523 invoked by uid 500); 27 Jul 2012 01:22:52 -0000
Mailing-List: contact common-dev-help@hadoop.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:common-dev-help@hadoop.apache.org>
List-Unsubscribe: <mailto:common-dev-unsubscribe@hadoop.apache.org>
List-Post: <mailto:common-dev@hadoop.apache.org>
List-Id: <common-dev.hadoop.apache.org>
Reply-To: common-dev@hadoop.apache.org
Delivered-To: mailing list common-dev@hadoop.apache.org
Received: (qmail 91513 invoked by uid 99); 27 Jul 2012 01:22:52 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 27 Jul 2012 01:22:52 +0000
X-ASF-Spam-Status: No, hits=2.2 required=5.0
	tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_NEUTRAL
X-Spam-Check-By: apache.org
Received-SPF: neutral (nike.apache.org: local policy)
Received: from [209.85.160.48] (HELO mail-pb0-f48.google.com) (209.85.160.48)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 27 Jul 2012 01:22:46 +0000
Received: by pbbrq8 with SMTP id rq8so4786534pbb.35
        for <common-dev@hadoop.apache.org>; Thu, 26 Jul 2012 18:22:25 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20120113;
        h=from:content-type:message-id:mime-version:subject:date:references
         :to:in-reply-to:x-mailer:x-gm-message-state;
        bh=SZfketxdj3Nf3uC4V8xbsE5lt/UrALbz00iVnR9IS8I=;
        b=lqg2ZeDgp57ny++JuawSbTkrzPsZ6PgL6QCbjVilHj66fJsKuCjtP2wv8m/o8/qjOC
         j/sUP4Uw/30FLS6VkK3pH+aFLM0xOTMkuehOBg8wIGRY8O0cOOWZgX1RRYZkpbtTLYgV
         0oiPWOA/rORUGOJ4IhYx1SIM/E3GL9AD8OvtiTzVNWD5Z1jyWi5s7O/sydXRYwDOPW5I
         Irwox5/y0LVAEvbwOBvg7Zif1UMZl1ZTkBNa9ogndXnvvSaAC5kdSlZUKHNC4bzr29e4
         Wehr1/y8U1E2hP3MyB6TkfpRd0v/25O76HcWIdPVCmXBStSgTygOE7M9QKLU5kBsp8cN
         H6RQ==
Received: by 10.68.223.198 with SMTP id qw6mr9343015pbc.94.1343352144896;
        Thu, 26 Jul 2012 18:22:24 -0700 (PDT)
Received: from [10.10.11.56] (host1.hortonworks.com. [70.35.59.2])
        by mx.google.com with ESMTPS id oq4sm776652pbb.21.2012.07.26.18.22.23
        (version=TLSv1/SSLv3 cipher=OTHER);
        Thu, 26 Jul 2012 18:22:24 -0700 (PDT)
From: Arpit Gupta <arpit@hortonworks.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_C8C363A1-81DE-4DDB-87AE-B47E5A2417A1"
Message-Id: <FF0A9947-55EC-4DBA-BD36-D8D9448A2892@hortonworks.com>
Mime-Version: 1.0 (Mac OS X Mail 6.0 \(1485\))
Subject: Re: regarding _HOST token replacement in security hadoop
Date: Thu, 26 Jul 2012 18:22:22 -0700
References: <34213805.post@talk.nabble.com> <CC36BED8.422A%evans@yahoo-inc.com> <CALEq1Z_w=o+R5yVdzd85G7NMFPaAm0JvxdL4fzmLZE7vJdws_A@mail.gmail.com> <737D5E42ADDB2C4E96DAF6A8900D75FE3062611B@SZXEML508-MBS.china.huawei.com>
To: common-dev@hadoop.apache.org
In-Reply-To: <737D5E42ADDB2C4E96DAF6A8900D75FE3062611B@SZXEML508-MBS.china.huawei.com>
X-Mailer: Apple Mail (2.1485)
X-Gm-Message-State: ALoCoQn8Wpc32JndPkjw2F+YMjR+drAQw+lMrO0OtvHRVpMMCcksfFe3NKtjf4UPmVuopKvWhWft

--Apple-Mail=_C8C363A1-81DE-4DDB-87AE-B47E5A2417A1
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

what version of hadoop are you using?

also

dfs.web.authentication.kerberos.principal should be set to =
HTTP/_HOST@site.com

--
Arpit Gupta
Hortonworks Inc.
http://hortonworks.com/

On Jul 26, 2012, at 6:11 PM, Wangwenli <wangwenli@huawei.com> wrote:

> Hi all,
>=20
>   I configured like below in hdfs-site.xml:
>=20
> <property>
>  <name>dfs.namenode.kerberos.principal</name>
>  <value>nn/_HOST@site</value>
> </property>
>=20
>=20
> <property>
>    <name>dfs.web.authentication.kerberos.principal</name>
>    <value>nn/_HOST@site</value>
> </property>
>=20
>=20
>   When  start up namenode, I found, namenode will use principal : =
nn/167-52-0-56@site to login, but the http server will use =
nn/167-52-0-56.site@site<mailto:nn/167-52-0-56.site@site> to lgin,  so =
it start failed.
>=20
> I checked the code,
>=20
> Namenode will use socAddr.getHostName() to get hostname in =
org.apache.hadoop.hdfs.server.namenode.NameNode.loginAsNameNodeUser.
>=20
>=20
> But httpserver 's default hostname is 0.0.0.0, so in =
org.apache.hadoop.security.SecurityUtil.replacePattern, it will get the =
hostname by invoking getLocalHostName,there it use =
getCanonicalHostName(),
>=20
> I think this inconsistent is wrong,  can someone confirm this? Need =
raise one bug ?=20
>=20
> Thanks
>=20


--Apple-Mail=_C8C363A1-81DE-4DDB-87AE-B47E5A2417A1--