hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-8518) SPNEGO client side should use KerberosName rules
Date Fri, 22 Jun 2012 13:30:42 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-8518?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13399306#comment-13399306
] 

Daryn Sharp commented on HADOOP-8518:
-------------------------------------

Thanks for enlightening me Alejandro.  I did not realize SPNEGO is creating a service ticket.
 Based on a quick read, it seems that CNAMES and proxies are often problematic and usually
require an explicit config.  Using config options would seem to be problematic/expensive to
maintain in multi-grid environments.

Would perhaps a cleaner way be for the server to send a http response header containing it's
canonical hostname?  If that header is present, the SPNEGO client will use it to construct
the server principal?
                
> SPNEGO client side should use KerberosName rules
> ------------------------------------------------
>
>                 Key: HADOOP-8518
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8518
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 1.0.3, 2.0.0-alpha
>            Reporter: Alejandro Abdelnur
>            Assignee: Alejandro Abdelnur
>             Fix For: 1.1.0, 2.0.1-alpha
>
>
> currently KerberosName is used only on the server side to resolve the client name, we
should use it on the client side as well to resolve the server name before getting the kerberos
ticket.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message