Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-10398

KerberosAuthenticator failed to fall back to PseudoAuthenticator after HADOOP-10078

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Invalid
    • None
    • None
    • security
    • None

    Description

      //KerberosAuthenticator.java
            if (conn.getResponseCode() == HttpURLConnection.HTTP_OK) {
              LOG.debug("JDK performed authentication on our behalf.");
              // If the JDK already did the SPNEGO back-and-forth for
              // us, just pull out the token.
              AuthenticatedURL.extractToken(conn, token);
              return;
            } else ...
      

      The problem of the code above is that HTTP_OK does not implies authentication completed. We should check if the token can be extracted successfully.

      This problem was reported by bowenzhangusa in this comment earlier.

      Attachments

        1. a.txt
          7 kB
          Bowen Zhang
        2. c10398_20140310.patch
          0.9 kB
          Tsz-wo Sze

        Issue Links

          Activity

            People

              szetszwo Tsz-wo Sze
              szetszwo Tsz-wo Sze
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: