[HADOOP-10398] KerberosAuthenticator failed to fall back to PseudoAuthenticator after HADOOP-10078 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Invalid
Affects Version/s: None
Fix Version/s: None
Component/s: security
Labels:
None

Description

//KerberosAuthenticator.java
      if (conn.getResponseCode() == HttpURLConnection.HTTP_OK) {
        LOG.debug("JDK performed authentication on our behalf.");
        // If the JDK already did the SPNEGO back-and-forth for
        // us, just pull out the token.
        AuthenticatedURL.extractToken(conn, token);
        return;
      } else ...

The problem of the code above is that HTTP_OK does not implies authentication completed. We should check if the token can be extracted successfully.

This problem was reported by bowenzhangusa in this comment earlier.

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

c10398_20140310.patch
10/Mar/14 19:49
0.9 kB
Tsz-wo Sze
a.txt
14/Mar/14 21:33
7 kB
Bowen Zhang

Issue Links

is broken by

HADOOP-10078 KerberosAuthenticator always does SPNEGO

Closed

is related to

OOZIE-800 Job start/kill gives authorization error

Resolved

relates to

HADOOP-10417 There is no token for anonymous authentication

Open

HADOOP-10416 For pseudo authentication, what to do if there is an expired token?

Resolved

Activity

People

Assignee:: Tsz-wo Sze

Reporter:: Tsz-wo Sze

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Dates

Created:: 10/Mar/14 19:44

Updated:: 20/Nov/14 18:47

Resolved:: 22/Mar/14 00:52