hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eli Collins (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-8554) KerberosAuthenticator should use the configured principal
Date Thu, 05 Jul 2012 17:13:34 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-8554?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13407283#comment-13407283

Eli Collins commented on HADOOP-8554:

bq. I don't find this property in trunk. I think it's better to pass principal from the user
of KerberosAuthenticator.

See AuthenticationFilterInitializer, this config name is constructed via the PREFIX variable.
> KerberosAuthenticator should use the configured principal
> ---------------------------------------------------------
>                 Key: HADOOP-8554
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8554
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 1.0.0, 2.0.0-alpha, 2.0.1-alpha, 3.0.0
>            Reporter: Eli Collins
>              Labels: security, webconsole
> In KerberosAuthenticator we construct the principal as follows:
> {code}
> String servicePrincipal = "HTTP/" + KerberosAuthenticator.this.url.getHost();
> {code}
> Seems like we should use the configured hadoop.http.authentication.kerberos.principal
instead right?
> I hit this issue as a distcp using webhdfs://localhost fails because HTTP/localhost is
not in the kerb DB but using webhdfs://eli-thinkpad works because HTTP/eli-thinkpad is (and
is my configured principal). distcp using Hftp://localhost with the same config works so it
looks like this check is webhdfs specific for some reason (webhdfs is using spnego and hftp
is not?).

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


View raw message