Date: Fri, 16 Nov 2012 21:37:12 +0000 (UTC)
From: "Aaron T. Myers (JIRA)"
To: common-issues@hadoop.apache.org
Subject: [jira] [Commented] (HADOOP-9019) KerberosAuthenticator.doSpnegoSequence(..) should create a HTTP principal with hostname everytime

    [ https://issues.apache.org/jira/browse/HADOOP-9019?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13499159#comment-13499159 ]

Aaron T. Myers commented on HADOOP-9019:
----------------------------------------

bq. In a private cluster where machines don't have any DNS server and also mapping of all ip/hostnames may not be present in /etc/hosts. In that case we may need to use IP instead of hostname in configs.

But how will this proposal help in such a situation? In order for this to work, the cluster will have to be able to do reverse name lookups on the IP address, so properly configured DNS of some sort (either a DNS server or populated /etc/hosts) will have to be present.

> KerberosAuthenticator.doSpnegoSequence(..) should create a HTTP principal with hostname everytime
> --------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-9019
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9019
>             Project: Hadoop Common
>          Issue Type: Bug
>            Reporter: Vinay
>
> In KerberosAuthenticator.doSpnegoSequence(..) the following line of code will just create a principal of the form "HTTP/",
> {code} String servicePrincipal = KerberosUtil.getServicePrincipal("HTTP",
>             KerberosAuthenticator.this.url.getHost());{code}
> but uri.getHost() is not sure of always getting hostname. If uri contains IP, then it just returns IP.
> For SPNEGO authentication principal should always be created with .
> This code should be something like this, which will look in /etc/hosts to get the hostname
> {code} String hostname = InetAddress.getByName(
>             KerberosAuthenticator.this.url.getHost()).getHostName();
> String servicePrincipal = KerberosUtil.getServicePrincipal("HTTP",
>             hostname);{code}
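
The dependency on reverse lookups raised in the comment can be checked directly. This is an added example, not code from the thread or from Hadoop. It relies on the documented behaviour of InetAddress.getHostName(), which returns the textual IP address when the reverse lookup fails, so an unresolvable IP would still produce an IP-based principal. The class name, method name, the plain "HTTP/" + host string (a stand-in for KerberosUtil.getServicePrincipal) and the sample URLs are assumptions made for illustration.

```java
import java.net.InetAddress;
import java.net.URI;
import java.net.URL;
import java.net.UnknownHostException;

// Added illustration; class and method names are hypothetical, not Hadoop's.
public class SpnegoPrincipalCheck {

    /**
     * Builds "HTTP/<hostname>" for the URL's host and refuses to fall back
     * to an IP-based principal when no hostname can be determined.
     */
    static String servicePrincipalFor(URL url) throws UnknownHostException {
        String host = url.getHost();
        InetAddress addr = InetAddress.getByName(host);

        // If 'host' was a name, getHostName() returns that name unchanged.
        // If 'host' was an IP literal, getHostName() performs a reverse lookup
        // (DNS server or /etc/hosts) and returns the IP text when that fails.
        String name = addr.getHostName();

        if (name.equals(addr.getHostAddress())) {
            // Reverse lookup produced nothing: fail closed instead of
            // silently requesting a ticket for "HTTP/<ip>".
            throw new UnknownHostException(
                "no reverse mapping for " + host
                + "; cannot build a host-based HTTP principal");
        }
        return "HTTP/" + name;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample URLs: a name, a loopback IP, and an address from
        // the 192.0.2.0/24 documentation range that should have no mapping.
        String[] samples = {
            "http://localhost:50070/jmx",
            "http://127.0.0.1:50070/jmx",
            "http://192.0.2.10:50070/jmx"
        };
        for (String s : samples) {
            try {
                URL url = URI.create(s).toURL();
                System.out.println(s + " -> " + servicePrincipalFor(url));
            } catch (UnknownHostException e) {
                System.out.println(s + " -> refused: " + e.getMessage());
            }
        }
    }
}
```

What the second and third URLs print depends on the local resolver configuration (DNS and /etc/hosts), which is the environmental dependency the comment describes.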