hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aaron T. Myers (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-9019) KerberosAuthenticator.doSpnegoSequence(..) should create a HTTP principal with hostname everytime
Date Thu, 15 Nov 2012 18:58:12 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-9019?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13498245#comment-13498245

Aaron T. Myers commented on HADOOP-9019:

He can use the _HOST macro, but that's not the issue. In some places in the code _HOST is
replaced with the literal address specified in some config property. My understanding is Vinay
wants to do something like this:


However, this will result in Hadoop concluding the appropriate principal name is "hdfs/".
What Vinay is proposing is that Hadoop do a reverse lookup on before forming the
principal name, so that the expected principal is determined to be "hdfs/host1.example.com@EXAMPLE.COM".

It's still not clear to me why putting the IP address in the configs is ever desirable, though.
In the example above, why not just set {{fs.defaultFS}} to "{{hdfs://host1.example.com}}"?
> KerberosAuthenticator.doSpnegoSequence(..) should create a HTTP principal with hostname
> --------------------------------------------------------------------------------------------------
>                 Key: HADOOP-9019
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9019
>             Project: Hadoop Common
>          Issue Type: Bug
>            Reporter: Vinay
> in KerberosAuthenticator.doSpnegoSequence(..) following line of code will just create
a principal of the form "HTTP/<host>",
> {code}            String servicePrincipal = KerberosUtil.getServicePrincipal("HTTP",
>                 KerberosAuthenticator.this.url.getHost());{code}
>  but uri.getHost() is not sure of always getting hostname. If uri contains IP, then it
just returns IP.
> For SPNEGO authentication principal should always be created with <hostname>.
> This code should be something like this, which will look /etc/hosts to get hostname
> {code}            String hostname = InetAddress.getByName(
>                 KerberosAuthenticator.this.url.getHost()).getHostName();
> String servicePrincipal = KerberosUtil.getServicePrincipal("HTTP",
>                 hostname);{code}

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

View raw message