hadoop-common-issues mailing list archives

From "Kai Zheng (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-14146) KerberosAuthenticationHandler should authenticate with SPN in AP-REQ
Date Thu, 15 Jun 2017 01:21:00 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-14146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16049887#comment-16049887 ]

Kai Zheng commented on HADOOP-14146:
------------------------------------

Thanks [~daryn] for the nice update!

I still have some concern over the large portion of ASN.1 & DER decoding code because
it'll be a maintenance burden for the project. However, that utility is quite separate and we
can refine that part later. With the added good tests, and based on my trust in you in this
domain, I'm good to provide my +1.

You might wait a couple of days and then commit it if there are no other comments. Thanks!

> KerberosAuthenticationHandler should authenticate with SPN in AP-REQ
> --------------------------------------------------------------------
>
>                 Key: HADOOP-14146
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14146
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.5.0
>            Reporter: Daryn Sharp
>            Assignee: Daryn Sharp
>         Attachments: HADOOP-14146.1.patch, HADOOP-14146.2.patch, HADOOP-14146.3.patch, HADOOP-14146.patch
>
>
> Many attempts (HADOOP-10158, HADOOP-11628, HADOOP-13565) have tried to add multiple SPN host and/or realm support to spnego authentication.  The basic problem is the server tries to guess and/or brute force what SPN the client used.  The server should just decode the SPN from the AP-REQ.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
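
The approach in the issue description, reading the SPN out of the AP-REQ instead of guessing it, sketched as an added example (not code from the HADOOP-14146 patches or from Hadoop). It assumes the raw AP-REQ has already been unwrapped from its SPNEGO/GSS-API framing; all function names are hypothetical, the field layout follows RFC 4120, and the sample request is constructed.

```python
# DER tags used by RFC 4120: AP-REQ is [APPLICATION 14], Ticket is [APPLICATION 1].
AP_REQ, TICKET, SEQ, GSTR, INT = 0x6E, 0x61, 0x30, 0x1B, 0x02

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element at pos (single-byte tags only)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    n = first & 0x7F if first & 0x80 else 0  # number of long-form length octets
    length = int.from_bytes(buf[pos:pos + n], "big") if n else first
    if first == 0x80 or pos + n + length > len(buf):
        raise ValueError("indefinite or out-of-bounds DER length")
    return tag, buf[pos + n:pos + n + length], pos + n + length

def items(buf):
    pos = 0
    while pos < len(buf):
        tag, val, pos = read_tlv(buf, pos)
        yield tag, val

def get(buf, tag):
    for t, val in items(buf):  # first element in buf carrying `tag`
        if t == tag:
            return val
    raise ValueError(f"missing element with tag {tag:#x}")

def spn_from_ap_req(ap_req):
    """Read service/host@REALM from the ticket's unencrypted realm and sname fields."""
    body = get(get(ap_req, AP_REQ), SEQ)
    tkt = get(get(get(body, 0xA3), TICKET), SEQ)       # AP-REQ field [3]: ticket
    realm = get(get(tkt, 0xA1), GSTR).decode("ascii")  # Ticket field [1]: realm
    sname = get(get(tkt, 0xA2), SEQ)                   # Ticket field [2]: sname
    parts = list(items(get(get(sname, 0xA1), SEQ)))    # PrincipalName [1]: name-string
    if not parts or any(t != GSTR for t, _ in parts):
        raise ValueError("name-string must hold GeneralString components")
    return "/".join(v.decode("ascii") for _, v in parts) + "@" + realm

def tlv(tag, *parts):  # minimal DER encoder, used only to build the constructed sample
    body = b"".join(parts)
    lb = len(body).to_bytes(max(1, (len(body).bit_length() + 7) // 8), "big")
    return bytes([tag]) + (lb if len(body) < 0x80 else bytes([0x80 | len(lb)]) + lb) + body

def sample_ap_req(service, host, realm):  # constructed input; ciphertext is zero filler
    gs, num = (lambda s: tlv(GSTR, s.encode())), (lambda v: tlv(INT, bytes([v])))
    enc = tlv(SEQ, tlv(0xA0, num(18)), tlv(0xA2, tlv(0x04, bytes(200))))
    sname = tlv(SEQ, tlv(0xA0, num(3)), tlv(0xA1, tlv(SEQ, gs(service), gs(host))))
    tkt = tlv(TICKET, tlv(SEQ, tlv(0xA0, num(5)), tlv(0xA1, gs(realm)), tlv(0xA2, sname), tlv(0xA3, enc)))
    opts = tlv(0xA2, tlv(0x03, bytes(5)))
    return tlv(AP_REQ, tlv(SEQ, tlv(0xA0, num(5)), tlv(0xA1, num(14)), opts, tlv(0xA3, tkt), tlv(0xA4, enc)))
```

The realm and sname read here sit outside the ticket's encrypted part, so the result is only a hint for choosing which keytab entry to try; the ticket decrypting under that principal's key is what actually authenticates it.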
