hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aaron T. Myers (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HADOOP-10418) SaslRpcClient should not assume that remote principals are in the default_realm
Date Sat, 22 Mar 2014 16:04:50 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-10418?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Aaron T. Myers updated HADOOP-10418:
------------------------------------

    Description: In SaslRpcClient#getServerPrincipal, when constructing the KerberosPrincipal
to compare to the configured value, we just assume that the remote principal is in the default
realm configured in /etc/krb5.conf. This will not always be the case, however. Instead, we
should use the configured domain_realm mapping to determine the realm of the remote principal.
 (was: We )

> SaslRpcClient should not assume that remote principals are in the default_realm
> -------------------------------------------------------------------------------
>
>                 Key: HADOOP-10418
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10418
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.4.0
>            Reporter: Aaron T. Myers
>            Assignee: Aaron T. Myers
>         Attachments: HADOOP-10418.patch
>
>
> In SaslRpcClient#getServerPrincipal, when constructing the KerberosPrincipal to compare
to the configured value, we just assume that the remote principal is in the default realm
configured in /etc/krb5.conf. This will not always be the case, however. Instead, we should
use the configured domain_realm mapping to determine the realm of the remote principal.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message