hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alejandro Abdelnur (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-8518) SPNEGO client side should use KerberosName rules
Date Thu, 21 Jun 2012 22:03:42 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-8518?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13398918#comment-13398918

Alejandro Abdelnur commented on HADOOP-8518:

@Daryn, the hadoop-auth SPNEGO client creates a token with HTTP/<HOST> as server principal
where <HOST> is the host specifid in the URL. If you are using a hostname alias, then
the resolved server principal will be HTTP<HOST-alias>. Then problem is that the KDC
will not recognize this principal because it does not exist. This means that the hadoop-auth
SPNEGO client should find out what is the real hostname to use as <HOST>. Hope this
> SPNEGO client side should use KerberosName rules
> ------------------------------------------------
>                 Key: HADOOP-8518
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8518
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 1.0.3, 2.0.0-alpha
>            Reporter: Alejandro Abdelnur
>            Assignee: Alejandro Abdelnur
>             Fix For: 1.1.0, 2.0.1-alpha
> currently KerberosName is used only on the server side to resolve the client name, we
should use it on the client side as well to resolve the server name before getting the kerberos

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


View raw message