hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Kanter (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-8883) Anonymous fallback in KerberosAuthenticator is broken
Date Thu, 31 Oct 2013 19:05:19 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-8883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13810561#comment-13810561
] 

Robert Kanter commented on HADOOP-8883:
---------------------------------------

I was talking to [~tucu00] about this, and he could go into more detail, but from what I understand,
the JDK doesn't quite implement the spec correctly, and in some cases it will do SPNEGO when
we weren't expecting it to yet.  So, while we can do it again (as the code always does now),
that's wasteful and we can just extract the token in that case (what the code is supposed
to be doing).  

In any case, you are correct that the first {{if}} block is never executed because of the
change introduced by this JIRA.  I'll work on a fix for that and create a new JIRA soon. 


> Anonymous fallback in KerberosAuthenticator is broken
> -----------------------------------------------------
>
>                 Key: HADOOP-8883
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8883
>             Project: Hadoop Common
>          Issue Type: Bug
>    Affects Versions: 2.0.3-alpha
>            Reporter: Robert Kanter
>            Assignee: Robert Kanter
>              Labels: security
>             Fix For: 2.0.3-alpha
>
>         Attachments: HADOOP-8883.patch
>
>
> HADOOP-8855 changed KerberosAuthenticator to handle when the JDK did the SPNEGO already;
but this change broke using the fallback authenticator (PseudoAuthenticator) with an anonymous
user (see OOZIE-1010).  



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Mime
View raw message