[ https://issues.apache.org/jira/browse/HADOOP-6603?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kan Zhang updated HADOOP-6603:
------------------------------
Attachment: HADOOP-6603-Y20S-4.patch
uploaded a new patch based on Jakob's patch (not for commit to trunk)
1. Moved SecurityUtil.java from hdfs to core.
2. Added comments on the possible presence of cross-realm TGT's in the Subject's credential
cache.
> Provide workaround for issue with Kerberos not resolving cross-realm principal
> ------------------------------------------------------------------------------
>
> Key: HADOOP-6603
> URL: https://issues.apache.org/jira/browse/HADOOP-6603
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Reporter: Jakob Homan
> Attachments: HADOOP-6603-Y20S-2.patch, HADOOP-6603-Y20S-3.patch, HADOOP-6603-Y20S-4.patch,
HADOOP-6603-Y20S.patch
>
>
> Java's SSL-Kerberos implementation does not correctly obtain the principal for cross-realm
principles when clients initiate connections to servers, resulting in the client being unable
to authenticate the server. We need a work-around until this bug gets fixed.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
|