Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-14146

KerberosAuthenticationHandler should authenticate with SPN in AP-REQ

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.5.0
    • 2.9.0, 3.0.0-alpha4, 2.8.2
    • security
    • None
    • Reviewed

    Description

      Many attempts (HADOOP-10158, HADOOP-11628, HADOOP-13565) have tried to add multiple SPN host and/or realm support to spnego authentication. The basic problem is the server tries to guess and/or brute force what SPN the client used. The server should just decode the SPN from the AP-REQ.

      Attachments

        1. HADOOP-14146.patch
          28 kB
          Daryn Sharp
        2. HADOOP-14146.1.patch
          28 kB
          Daryn Sharp
        3. HADOOP-14146.2.patch
          27 kB
          Daryn Sharp
        4. HADOOP-14146.3.patch
          27 kB
          Daryn Sharp
        5. HADOOP-14146.addendum.patch
          0.8 kB
          Daryn Sharp
        6. HADOOP-14146.branch-2.test-import.patch
          1 kB
          Daryn Sharp

        Activity

          People

            daryn Daryn Sharp
            daryn Daryn Sharp
            Votes:
            0 Vote for this issue
            Watchers:
            15 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: