Hadoop Common
  1. Hadoop Common
  2. HADOOP-8554

KerberosAuthenticator should use the configured principal

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Invalid
    • Affects Version/s: 1.0.0, 2.0.0-alpha, 3.0.0
    • Fix Version/s: None
    • Component/s: security

      Description

      In KerberosAuthenticator we construct the principal as follows:

      String servicePrincipal = "HTTP/" + KerberosAuthenticator.this.url.getHost();
      

      Seems like we should use the configured hadoop.http.authentication.kerberos.principal instead right?

      I hit this issue as a distcp using webhdfs://localhost fails because HTTP/localhost is not in the kerb DB but using webhdfs://eli-thinkpad works because HTTP/eli-thinkpad is (and is my configured principal). distcp using Hftp://localhost with the same config works so it looks like this check is webhdfs specific for some reason (webhdfs is using spnego and hftp is not?).

        Activity

        No work has yet been logged on this issue.

          People

          • Assignee:
            Unassigned
            Reporter:
            Eli Collins
          • Votes:
            0 Vote for this issue
            Watchers:
            8 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development