Hadoop Common / HADOOP-8554

KerberosAuthenticator should use the configured principal

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Invalid
    • Affects Version/s: 1.0.0, 2.0.0-alpha, 3.0.0
    • Fix Version/s: None
    • Component/s: security

      Description

      In KerberosAuthenticator we construct the principal as follows:

      String servicePrincipal = "HTTP/" + KerberosAuthenticator.this.url.getHost();
      

      Seems like we should use the configured hadoop.http.authentication.kerberos.principal instead, right?

      I hit this issue as a distcp using webhdfs://localhost fails because HTTP/localhost is not in the kerb DB but using webhdfs://eli-thinkpad works because HTTP/eli-thinkpad is (and is my configured principal). distcp using hftp://localhost with the same config works so it looks like this check is webhdfs specific for some reason (webhdfs is using spnego and hftp is not?).
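
The derivation quoted in the description, turned into a pre-flight check (an added example, not Hadoop code and not part of the original report): it computes the principal a SPNEGO client would request for a given URL and compares it with the principals listed in a keytab. The class and method names, realm, keytab path, port, URL path and the sample `klist -k` output are constructed assumptions; only the two host names come from the report.

```java
import java.net.URI;
import java.util.LinkedHashSet;
import java.util.Set;

public class SpnPreflight {

    // Same derivation as the line quoted in the description: the client builds
    // the service principal from the host part of the URL it was given.
    static String clientSpn(URI url) {
        return "HTTP/" + url.getHost();
    }

    // Collect principal names (realm stripped) from `klist -k` style output.
    static Set<String> keytabPrincipals(String klistOutput) {
        Set<String> names = new LinkedHashSet<>();
        for (String line : klistOutput.split("\n")) {
            String[] cols = line.trim().split("\\s+");
            // Data rows look like "<kvno> <principal>@<REALM>"; skip headers.
            if (cols.length == 2 && cols[0].matches("\\d+") && cols[1].contains("@")) {
                names.add(cols[1].substring(0, cols[1].lastIndexOf('@')));
            }
        }
        return names;
    }

    public static void main(String[] args) {
        // Constructed sample of `klist -k` output; realm, kvno and path are made up.
        String klist = String.join("\n",
            "Keytab name: FILE:/path/to/http.keytab",
            "KVNO Principal",
            "---- ----------------------------------",
            "   2 HTTP/eli-thinkpad@EXAMPLE.COM");
        Set<String> known = keytabPrincipals(klist);

        // Hosts from the report; port and path are constructed.
        String[] urls = {
            "http://localhost:50070/webhdfs/v1/",
            "http://eli-thinkpad:50070/webhdfs/v1/" };
        for (String u : urls) {
            String spn = clientSpn(URI.create(u));
            System.out.println(u + " -> " + spn + " : "
                + (known.contains(spn) ? "in keytab" : "NOT in keytab"));
        }
    }
}
```

With the sample keytab, the localhost URL maps to HTTP/localhost and is reported as missing, while the eli-thinkpad URL maps to a listed principal.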

        Activity

        Arun C Murthy made changes -
        Affects Version/s 2.1.0-alpha [ 12321441 ]
        Eli Collins made changes -
        Status Open [ 1 ] Resolved [ 5 ]
        Resolution Invalid [ 6 ]
        Laxman made changes -
        Field Original Value New Value
        Labels security webconsole
        Affects Version/s 2.0.0-alpha [ 12320352 ]
        Affects Version/s 2.0.1-alpha [ 12321441 ]
        Affects Version/s 3.0.0 [ 12320357 ]
        Eli Collins created issue -

          People

          • Assignee: Unassigned
          • Reporter: Eli Collins
          • Votes: 0
          • Watchers: 8
