[HADOOP-8554] KerberosAuthenticator should use the configured principal - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Invalid
Affects Version/s: 1.0.0, 2.0.0-alpha, 3.0.0-alpha1
Fix Version/s: None
Component/s: security
Labels:
- security
- webconsole

Description

In KerberosAuthenticator we construct the principal as follows:

String servicePrincipal = "HTTP/" + KerberosAuthenticator.this.url.getHost();

Seems like we should use the configured hadoop.http.authentication.kerberos.principal instead right?

I hit this issue as a distcp using webhdfs://localhost fails because HTTP/localhost is not in the kerb DB but using webhdfs://eli-thinkpad works because HTTP/eli-thinkpad is (and is my configured principal). distcp using Hftp://localhost with the same config works so it looks like this check is webhdfs specific for some reason (webhdfs is using spnego and hftp is not?).

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Eli Collins

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Dates

Created:: 04/Jul/12 02:29

Updated:: 12/May/16 18:21

Resolved:: 07/Jul/12 00:32