hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tsz Wo Nicholas Sze (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HADOOP-10398) KerberosAuthenticator failed to fall back to PseudoAuthenticator after HADOOP-10078
Date Mon, 10 Mar 2014 19:44:47 GMT
Tsz Wo Nicholas Sze created HADOOP-10398:
--------------------------------------------

             Summary: KerberosAuthenticator failed to fall back to PseudoAuthenticator after
HADOOP-10078
                 Key: HADOOP-10398
                 URL: https://issues.apache.org/jira/browse/HADOOP-10398
             Project: Hadoop Common
          Issue Type: Bug
          Components: security
            Reporter: Tsz Wo Nicholas Sze
            Assignee: Tsz Wo Nicholas Sze


{code}
//KerberosAuthenticator.java
      if (conn.getResponseCode() == HttpURLConnection.HTTP_OK) {
        LOG.debug("JDK performed authentication on our behalf.");
        // If the JDK already did the SPNEGO back-and-forth for
        // us, just pull out the token.
        AuthenticatedURL.extractToken(conn, token);
        return;
      } else ...
{code}
The problem of the code above is that HTTP_OK does not implies authentication completed. 
We should check if the token can be extracted successfully.

This problem was reported by [~bowenzhangusa] in [this comment|https://issues.apache.org/jira/browse/HADOOP-10078?focusedCommentId=13896823&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13896823]
earlier.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message