Return-Path: 
 <hdfs-issues-return-51223-apmail-hadoop-hdfs-issues-archive=hadoop.apache.org@hadoop.apache.org>
X-Original-To: apmail-hadoop-hdfs-issues-archive@minotaur.apache.org
Delivered-To: apmail-hadoop-hdfs-issues-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id DC993D384
	for <apmail-hadoop-hdfs-issues-archive@minotaur.apache.org>;
 Fri, 19 Oct 2012 05:06:03 +0000 (UTC)
Received: (qmail 94014 invoked by uid 500); 19 Oct 2012 05:06:03 -0000
Delivered-To: apmail-hadoop-hdfs-issues-archive@hadoop.apache.org
Received: (qmail 93986 invoked by uid 500); 19 Oct 2012 05:06:03 -0000
Mailing-List: contact hdfs-issues-help@hadoop.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:hdfs-issues-help@hadoop.apache.org>
List-Unsubscribe: <mailto:hdfs-issues-unsubscribe@hadoop.apache.org>
List-Post: <mailto:hdfs-issues@hadoop.apache.org>
List-Id: <hdfs-issues.hadoop.apache.org>
Reply-To: hdfs-issues@hadoop.apache.org
Delivered-To: mailing list hdfs-issues@hadoop.apache.org
Received: (qmail 93966 invoked by uid 99); 19 Oct 2012 05:06:03 -0000
Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 19 Oct 2012 05:06:03 +0000
Date: Fri, 19 Oct 2012 05:06:03 +0000 (UTC)
From: "Ahad Rana (JIRA)" <jira@apache.org>
To: hdfs-issues@hadoop.apache.org
Message-ID: <1318675711.67586.1350623163269.JavaMail.jiratomcat@arcas>
Subject: [jira] [Created] (HDFS-4081) NamenodeProtocol and other Secure
 Protocols should use different config keys for serverPrincipal and
 clientPrincipal KerberosInfo components
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394

Ahad Rana created HDFS-4081:
-------------------------------

             Summary: NamenodeProtocol and other Secure Protocols should use different config keys for serverPrincipal and clientPrincipal KerberosInfo components 
                 Key: HDFS-4081
                 URL: https://issues.apache.org/jira/browse/HDFS-4081
             Project: Hadoop HDFS
          Issue Type: Bug
          Components: security
    Affects Versions: 2.0.2-alpha, 2.0.1-alpha, 2.0.0-alpha, 2.0.3-alpha
            Reporter: Ahad Rana


The Namenode protocol (NamenodeProtocol.java) defines the same config key, dfs.namenode.kerberos.principal, for both ServerPrincipal and ClientPrincipal components of the KerberosInfo data structure. This overloads the meaning of the dfs.namenode.kerberos.principal config key. This key can be used to define the namenode's principal during startup, but in the client case, it is used by ServiceAuthorizationManager.authorize to create a principal name given an incoming client's ip address. If you explicitly set the principal name for the namenode in the Config using this key, it then breaks ServiceAuthorizationManager.authorize, because it expects this same value to contain a Kerberos principal name pattern NOT an explicit name. 

The solve this issue, the ServerPrincipal and ClientPrincipal components of the NamenodeProtocol should each be assigned unique Config keys.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira