Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-9881

Some questions and possible improvement for MiniKdc/TestMiniKdc

Add voteVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • security
    • None

    Description

      In org.apache.hadoop.minikdc.TestMiniKdc:

      1. In testKeytabGen(), it comments principals use \ instead of /, does this mean the principal must use \ instead of / to use MiniKdc for test cases? If so, should HADOOP_SECURITY_AUTH_TO_LOCAL consider this?
      2. In testKerberosLogin(), what’s the meant difference between client login and server login? I see isInitiator option is set true or false respectively, but I’m not sure about that.
      3. Both in client login and server login, why loginContext.login() gets called again in the end? Perhaps loginContext.logout().
      4. It also considers IBM JDK. Ref current UGI implementation, looks like it needs to set KRB5CCNAME system property and useDefaultCcache option specifically.

      It’s good to test login using keytab as current provided facility and test does. Is it also possible to test login via ticket cache or how to automatically generate ticket cache with specified principal without execution of kinit? This is important to cover user Kerberos login (with kinit) if possible using MiniKdc.

      Attachments

        Issue Links

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            drankye Kai Zheng
            drankye Kai Zheng

            Dates

              Created:
              Updated:

              Slack

                Issue deployment