hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alejandro Abdelnur (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-9325) KerberosAuthenticationHandler AuthenticationFilter and should be able to reference Hadoop configurations
Date Fri, 22 Feb 2013 16:58:13 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-9325?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13584428#comment-13584428
] 

Alejandro Abdelnur commented on HADOOP-9325:
--------------------------------------------

Setting the following property should work:

hadoop.http.authentication.kerberos.names.rules=${hadoop.security.auth_to_local}

If it works then we should repurpose this JIRA to update hadoop-auth documentation to mention
the [PREFIX].kerberos.names.rules property.

And the HttpAuthentication.html page (http://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/HttpAuthentication.html)
should also be updated to mention the concrete property in this case (at the beginning of
this comment). It seems the link from the sidebar in the docs is missing the HttpAuthentication.html
page, we should add that too.

                
> KerberosAuthenticationHandler AuthenticationFilter and should be able to reference Hadoop
configurations
> --------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-9325
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9325
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>            Reporter: Kai Zheng
>
> In KerberosAuthenticationHandler SPNEGO activities, KerberosName is used to get short
name for client principal, which needs in some Kerberos authentication situations to reference
translation rules defined in Hadoop configuration file like core-site.xml
> as follows:
>   <property>
>     <name>hadoop.security.auth_to_local</name>
>     <value>...</value>
>   </property>
> Note, this is an issue only if default rule can't meet the requirement and custom rules
need to be defined.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message