hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alejandro Abdelnur (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-8554) KerberosAuthenticator should use the configured principal
Date Fri, 06 Jul 2012 23:42:36 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-8554?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13408456#comment-13408456

Alejandro Abdelnur commented on HADOOP-8554:

@Eli, the line of code you point out happens on the client side, if your URL is of the form
http://foohost/.... then the principal is created as 'HTTP/foohost'. There is a JIRAs to add
support for kerberos name rules HADOOP-8518. IMO this JIRA is invalid.
> KerberosAuthenticator should use the configured principal
> ---------------------------------------------------------
>                 Key: HADOOP-8554
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8554
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 1.0.0, 2.0.0-alpha, 2.0.1-alpha, 3.0.0
>            Reporter: Eli Collins
>              Labels: security, webconsole
> In KerberosAuthenticator we construct the principal as follows:
> {code}
> String servicePrincipal = "HTTP/" + KerberosAuthenticator.this.url.getHost();
> {code}
> Seems like we should use the configured hadoop.http.authentication.kerberos.principal
instead right?
> I hit this issue as a distcp using webhdfs://localhost fails because HTTP/localhost is
not in the kerb DB but using webhdfs://eli-thinkpad works because HTTP/eli-thinkpad is (and
is my configured principal). distcp using Hftp://localhost with the same config works so it
looks like this check is webhdfs specific for some reason (webhdfs is using spnego and hftp
is not?).

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


View raw message