Hadoop Common
  1. Hadoop Common
  2. HADOOP-10418

SaslRpcClient should not assume that remote principals are in the default_realm

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 2.4.0
    • Fix Version/s: 2.5.0
    • Component/s: security
    • Labels:
      None
    • Target Version/s:
    • Hadoop Flags:
      Reviewed

      Description

      In SaslRpcClient#getServerPrincipal, when constructing the KerberosPrincipal to compare to the configured value, we just assume that the remote principal is in the default realm configured in /etc/krb5.conf. This will not always be the case, however. Instead, we should use the configured domain_realm mapping to determine the realm of the remote principal.

      1. HADOOP-10418.patch
        0.9 kB
        Aaron T. Myers

        Activity

        Aaron T. Myers created issue -
        Aaron T. Myers made changes -
        Field Original Value New Value
        Attachment HADOOP-10418.patch [ 12636163 ]
        Aaron T. Myers made changes -
        Status Open [ 1 ] Patch Available [ 10002 ]
        Chris Nauroth made changes -
        Hadoop Flags Reviewed [ 10343 ]
        Aaron T. Myers made changes -
        Release Note In SaslRpcClient#getServerPrincipal, when constructing the KerberosPrincipal to compare to the configured value, we just assume that the remote principal is in the default realm configured in /etc/krb5.conf. This will not always be the case, however. Instead, we should use the configured domain_realm mapping to determine the realm of the remote principal.
        Aaron T. Myers made changes -
        Description We In SaslRpcClient#getServerPrincipal, when constructing the KerberosPrincipal to compare to the configured value, we just assume that the remote principal is in the default realm configured in /etc/krb5.conf. This will not always be the case, however. Instead, we should use the configured domain_realm mapping to determine the realm of the remote principal.
        Aaron T. Myers made changes -
        Status Patch Available [ 10002 ] Resolved [ 5 ]
        Fix Version/s 2.5.0 [ 12326263 ]
        Resolution Fixed [ 1 ]

          People

          • Assignee:
            Aaron T. Myers
            Reporter:
            Aaron T. Myers
          • Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development