hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brahma Reddy Battula (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-8919) Namenode Kerberos Login does not use proper hostname for host qualified hdfs principal name.
Date Fri, 12 Oct 2012 04:37:02 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-8919?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13474778#comment-13474778
] 

Brahma Reddy Battula commented on HADOOP-8919:
----------------------------------------------

Hi Ahad Rana,

I think,,this is same as HDFS-3980..Please refer following comment..

https://issues.apache.org/jira/browse/HDFS-3980?focusedCommentId=13469267&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13469267..

Please correct me If I am wrong..
                
> Namenode Kerberos Login does not use proper hostname for host qualified hdfs principal
name.
> --------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-8919
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8919
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.0.0-alpha, 2.0.1-alpha, 2.0.2-alpha, 2.0.3-alpha
>         Environment: CDH4U1 using Kerberos on Ubuntu 12.01
>            Reporter: Ahad Rana
>   Original Estimate: 24h
>  Remaining Estimate: 24h
>
> The Namenode uses the loginAsNameNodeUser method in NameNode.java to login using the
hdfs principal. This method in turn invokes SecurityUtil.login with a hostname (last parameter)
obtained via a call to InetAddress.getHostName. This call does not always return the fully
qualified host name, and thus causes the namenode to login to fail due to kerberos's inability
to find a matching hdfs principal in the hdfs.keytab file. Instead it should use InetAddress.getCanonicalHostName.
This is consistent with what is used internally by SecurityUtil.java to login in other services,
such as the DataNode. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message