Hadoop Common
  1. Hadoop Common
  2. HADOOP-10418

SaslRpcClient should not assume that remote principals are in the default_realm

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 2.4.0
    • Fix Version/s: 2.5.0
    • Component/s: security
    • Labels:
      None
    • Target Version/s:
    • Hadoop Flags:
      Reviewed

      Description

      In SaslRpcClient#getServerPrincipal, when constructing the KerberosPrincipal to compare to the configured value, we just assume that the remote principal is in the default realm configured in /etc/krb5.conf. This will not always be the case, however. Instead, we should use the configured domain_realm mapping to determine the realm of the remote principal.

      1. HADOOP-10418.patch
        0.9 kB
        Aaron T. Myers

        Activity

        No work has yet been logged on this issue.

          People

          • Assignee:
            Aaron T. Myers
            Reporter:
            Aaron T. Myers
          • Votes:
            0 Vote for this issue
            Watchers:
            8 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development