Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-10418

SaslRpcClient should not assume that remote principals are in the default_realm

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.4.0
    • Fix Version/s: 2.5.0
    • Component/s: security
    • Labels:
      None
    • Target Version/s:
    • Hadoop Flags:
      Reviewed

      Description

      In SaslRpcClient#getServerPrincipal, when constructing the KerberosPrincipal to compare to the configured value, we just assume that the remote principal is in the default realm configured in /etc/krb5.conf. This will not always be the case, however. Instead, we should use the configured domain_realm mapping to determine the realm of the remote principal.

        Attachments

        1. HADOOP-10418.patch
          0.9 kB
          Aaron T. Myers

          Activity

            People

            • Assignee:
              atm Aaron T. Myers
              Reporter:
              atm Aaron T. Myers
            • Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: