hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aaron T. Myers (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (HDFS-4081) NamenodeProtocol and other Secure Protocols should use different config keys for serverPrincipal and clientPrincipal KerberosInfo components
Date Fri, 19 Oct 2012 07:26:04 GMT

     [ https://issues.apache.org/jira/browse/HDFS-4081?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Aaron T. Myers resolved HDFS-4081.
----------------------------------

    Resolution: Duplicate
    
> NamenodeProtocol and other Secure Protocols should use different config keys for serverPrincipal
and clientPrincipal KerberosInfo components 
> ---------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HDFS-4081
>                 URL: https://issues.apache.org/jira/browse/HDFS-4081
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.0.0-alpha, 2.0.1-alpha, 2.0.2-alpha, 2.0.3-alpha
>            Reporter: Ahad Rana
>
> The Namenode protocol (NamenodeProtocol.java) defines the same config key, dfs.namenode.kerberos.principal,
for both ServerPrincipal and ClientPrincipal components of the KerberosInfo data structure.
This overloads the meaning of the dfs.namenode.kerberos.principal config key. This key can
be used to define the namenode's principal during startup, but in the client case, it is used
by ServiceAuthorizationManager.authorize to create a principal name given an incoming client's
ip address. If you explicitly set the principal name for the namenode in the Config using
this key, it then breaks ServiceAuthorizationManager.authorize, because it expects this same
value to contain a Kerberos principal name pattern NOT an explicit name. 
> The solve this issue, the ServerPrincipal and ClientPrincipal components of the NamenodeProtocol
should each be assigned unique Config keys.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message