Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-14146

KerberosAuthenticationHandler should authenticate with SPN in AP-REQ

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.5.0
    • Fix Version/s: 2.9.0, 3.0.0-alpha4, 2.8.2
    • Component/s: security
    • Labels:
      None
    • Target Version/s:
    • Hadoop Flags:
      Reviewed

      Description

      Many attempts (HADOOP-10158, HADOOP-11628, HADOOP-13565) have tried to add multiple SPN host and/or realm support to spnego authentication. The basic problem is the server tries to guess and/or brute force what SPN the client used. The server should just decode the SPN from the AP-REQ.

        Attachments

        1. HADOOP-14146.1.patch
          28 kB
          Daryn Sharp
        2. HADOOP-14146.2.patch
          27 kB
          Daryn Sharp
        3. HADOOP-14146.3.patch
          27 kB
          Daryn Sharp
        4. HADOOP-14146.addendum.patch
          0.8 kB
          Daryn Sharp
        5. HADOOP-14146.branch-2.test-import.patch
          1 kB
          Daryn Sharp
        6. HADOOP-14146.patch
          28 kB
          Daryn Sharp

          Activity

            People

            • Assignee:
              daryn Daryn Sharp
              Reporter:
              daryn Daryn Sharp
            • Votes:
              0 Vote for this issue
              Watchers:
              15 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: