Return-Path: 
 <common-issues-return-32985-apmail-hadoop-common-issues-archive=hadoop.apache.org@hadoop.apache.org>
X-Original-To: apmail-hadoop-common-issues-archive@minotaur.apache.org
Delivered-To: apmail-hadoop-common-issues-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 6491BC2CF
	for <apmail-hadoop-common-issues-archive@minotaur.apache.org>;
 Thu, 21 Jun 2012 22:03:43 +0000 (UTC)
Received: (qmail 26366 invoked by uid 500); 21 Jun 2012 22:03:43 -0000
Delivered-To: apmail-hadoop-common-issues-archive@hadoop.apache.org
Received: (qmail 26337 invoked by uid 500); 21 Jun 2012 22:03:43 -0000
Mailing-List: contact common-issues-help@hadoop.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:common-issues-help@hadoop.apache.org>
List-Unsubscribe: <mailto:common-issues-unsubscribe@hadoop.apache.org>
List-Post: <mailto:common-issues@hadoop.apache.org>
List-Id: <common-issues.hadoop.apache.org>
Reply-To: common-issues@hadoop.apache.org
Delivered-To: mailing list common-issues@hadoop.apache.org
Received: (qmail 26326 invoked by uid 99); 21 Jun 2012 22:03:43 -0000
Received: from issues-vm.apache.org (HELO issues-vm) (140.211.11.160)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 21 Jun 2012 22:03:43 +0000
Received: from isssues-vm.apache.org (localhost [127.0.0.1])
	by issues-vm (Postfix) with ESMTP id F27F814001F
	for <common-issues@hadoop.apache.org>; Thu, 21 Jun 2012 22:03:42 +0000 (UTC)
Date: Thu, 21 Jun 2012 22:03:42 +0000 (UTC)
From: "Alejandro Abdelnur (JIRA)" <jira@apache.org>
To: common-issues@hadoop.apache.org
Message-ID: <288665586.41546.1340316222996.JavaMail.jiratomcat@issues-vm>
In-Reply-To: <227073204.34630.1340211763270.JavaMail.jiratomcat@issues-vm>
Subject: [jira] [Commented] (HADOOP-8518) SPNEGO client side should use
 KerberosName rules
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394


    [ https://issues.apache.org/jira/browse/HADOOP-8518?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13398918#comment-13398918 ] 

Alejandro Abdelnur commented on HADOOP-8518:
--------------------------------------------

@Daryn, the hadoop-auth SPNEGO client creates a token with HTTP/<HOST> as server principal where <HOST> is the host specifid in the URL. If you are using a hostname alias, then the resolved server principal will be HTTP<HOST-alias>. Then problem is that the KDC will not recognize this principal because it does not exist. This means that the hadoop-auth SPNEGO client should find out what is the real hostname to use as <HOST>. Hope this clarifies.
                
> SPNEGO client side should use KerberosName rules
> ------------------------------------------------
>
>                 Key: HADOOP-8518
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8518
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 1.0.3, 2.0.0-alpha
>            Reporter: Alejandro Abdelnur
>            Assignee: Alejandro Abdelnur
>             Fix For: 1.1.0, 2.0.1-alpha
>
>
> currently KerberosName is used only on the server side to resolve the client name, we should use it on the client side as well to resolve the server name before getting the kerberos ticket.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira