Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-8554

KerberosAuthenticator should use the configured principal

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Invalid
    • Affects Version/s: 1.0.0, 2.0.0-alpha, 3.0.0-alpha1
    • Fix Version/s: None
    • Component/s: security

      Description

      In KerberosAuthenticator we construct the principal as follows:

      String servicePrincipal = "HTTP/" + KerberosAuthenticator.this.url.getHost();
      

      Seems like we should use the configured hadoop.http.authentication.kerberos.principal instead right?

      I hit this issue as a distcp using webhdfs://localhost fails because HTTP/localhost is not in the kerb DB but using webhdfs://eli-thinkpad works because HTTP/eli-thinkpad is (and is my configured principal). distcp using Hftp://localhost with the same config works so it looks like this check is webhdfs specific for some reason (webhdfs is using spnego and hftp is not?).

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              eli Eli Collins
            • Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: