hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rohini Palaniswamy (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-8518) SPNEGO client side should use KerberosName rules
Date Thu, 21 Jun 2012 22:19:43 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-8518?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13398929#comment-13398929
] 

Rohini Palaniswamy commented on HADOOP-8518:
--------------------------------------------

Not as a fallback, but as a override. What I had done was to get the canonical name of the
host from the URL to connect to and use it to construct the service principal's host part
(HTTP/canonicalhostname). If a specific Configuration property was set as to what the FQDN
of the service principal should be, then used that instead of constructing the service principal
from the url. The override would help if the service prinicipal was in a different realm than
the default realm too. You can have a separate specif config parameter to specify the service
principal override and use the rule mapping configuration.
                
> SPNEGO client side should use KerberosName rules
> ------------------------------------------------
>
>                 Key: HADOOP-8518
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8518
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 1.0.3, 2.0.0-alpha
>            Reporter: Alejandro Abdelnur
>            Assignee: Alejandro Abdelnur
>             Fix For: 1.1.0, 2.0.1-alpha
>
>
> currently KerberosName is used only on the server side to resolve the client name, we
should use it on the client side as well to resolve the server name before getting the kerberos
ticket.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message