Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-13890

Maintain HTTP/host as SPNEGO SPN support and fix KerberosName parsing

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 2.8.0, 3.0.0-alpha2
    • test
    • None
    • Reviewed

    Description

      strong textHADOOP-13565 introduced an incompatible check that disallowed principal like HTTP/host from being used as SPNEGO SPN.
      This breaks the following test in trunk: TestWebDelegationToken, TestKMS , TestTrashWithSecureEncryptionZones and TestSecureEncryptionZoneWithKMS because they used HTTP/localhost as SPNEGO SPN assuming the default realm. This ticket is opened to bring back the support of HTTP/host as valid SPNEGO SPN.

      KerberosName parsing bug was discovered, fixed and included as a necessary part of this ticket along with additional unit test to cover parsing different form of principals.

      Jenkins URL
      https://builds.apache.org/job/hadoop-qbt-trunk-java8-linux-x86/251/testReport/
      https://builds.apache.org/job/PreCommit-HADOOP-Build/11240/testReport/

      Attachments

        1. HADOOP-13890.00.patch
          9 kB
          Xiaoyu Yao
        2. HADOOP-13890.01.patch
          11 kB
          Xiaoyu Yao
        3. HADOOP-13890.02.patch
          4 kB
          Xiaoyu Yao
        4. HADOOP-13890.03.patch
          4 kB
          Xiaoyu Yao
        5. test-failure.txt
          19 kB
          Yuanbo Liu
        6. HADOOP-13890.04.patch
          5 kB
          Xiaoyu Yao
        7. test_failure_1.txt
          34 kB
          Yuanbo Liu
        8. HADOOP-13890.05.patch
          7 kB
          Xiaoyu Yao

        Issue Links

          is broken by

          Bug - A problem which impairs or prevents the functions of the product. HADOOP-13565 KerberosAuthenticationHandler#authenticate should not rebuild SPN based on client request

          • Major - Major loss of function.
          • Resolved
          is related to

          Bug - A problem which impairs or prevents the functions of the product. HADOOP-13891 KerberosName#KerberosName cannot parse principle without realm

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              xyao Xiaoyu Yao
              brahmareddy Brahma Reddy Battula
              Votes:
              1 Vote for this issue
              Watchers:
              10 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: