hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rohini Palaniswamy (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-8518) SPNEGO client side should use KerberosName rules
Date Thu, 21 Jun 2012 20:24:43 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-8518?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13398823#comment-13398823
] 

Rohini Palaniswamy commented on HADOOP-8518:
--------------------------------------------

Tucu,
   The client should support Server principal canonicalization through DNS. It is one of the
standard practices and many clients like curl, Firefox do it. 

http://books.google.com/books?id=dGMd-uay-lkC&pg=PT232&lpg=PT232
http://docs.oracle.com/cd/E19253-01/816-4557/planning-25/index.html

Having to configure hadoop.security.auth_to_local for something that is a very common Kerberos
practice/standard is not ideal. 
                
> SPNEGO client side should use KerberosName rules
> ------------------------------------------------
>
>                 Key: HADOOP-8518
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8518
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 1.0.3, 2.0.0-alpha
>            Reporter: Alejandro Abdelnur
>            Assignee: Alejandro Abdelnur
>             Fix For: 1.1.0, 2.0.1-alpha
>
>
> currently KerberosName is used only on the server side to resolve the client name, we
should use it on the client side as well to resolve the server name before getting the kerberos
ticket.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message