hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yongjun Zhang (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-8572) DN uses incorrect kerberos principals in spnego authentication
Date Thu, 11 Jun 2015 02:25:00 GMT

    [ https://issues.apache.org/jira/browse/HDFS-8572?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14581353#comment-14581353
] 

Yongjun Zhang commented on HDFS-8572:
-------------------------------------

One question
{code}
  private static String getHostnameForSpnegoPrincipal(Configuration conf) {
    String addr = conf.getTrimmed(DFS_DATANODE_HTTP_ADDRESS_KEY, null);
    if (addr == null) {
      addr = conf.getTrimmed(DFS_DATANODE_HTTPS_ADDRESS_KEY,
                             DFS_DATANODE_HTTPS_ADDRESS_DEFAULT);
    }
    InetSocketAddress inetSocker = NetUtils.createSocketAddr(addr);
    String hostName = inetSocker.getHostString();
    return hostName;
  }
{code}
Shouldn't this code check whether it's secure cluster or not then read the corresponding config
property, instead of checking "==nul" with one then try the other?

Thanks.


> DN uses incorrect kerberos principals in spnego authentication
> --------------------------------------------------------------
>
>                 Key: HDFS-8572
>                 URL: https://issues.apache.org/jira/browse/HDFS-8572
>             Project: Hadoop HDFS
>          Issue Type: Bug
>            Reporter: Haohui Mai
>            Assignee: Haohui Mai
>            Priority: Blocker
>         Attachments: HDFS-8572.000.patch
>
>
> After HDFS-7279, the DN always uses {{HTTP/locahost@REALM}} to authenticate spnego requests,
which breaks all the security deployments.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message