Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-9881

Some questions and possible improvement for MiniKdc/TestMiniKdc

Add voteVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments


    • Improvement
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • security
    • None


      In org.apache.hadoop.minikdc.TestMiniKdc:

      1. In testKeytabGen(), it comments principals use \ instead of /, does this mean the principal must use \ instead of / to use MiniKdc for test cases? If so, should HADOOP_SECURITY_AUTH_TO_LOCAL consider this?
      2. In testKerberosLogin(), what’s the meant difference between client login and server login? I see isInitiator option is set true or false respectively, but I’m not sure about that.
      3. Both in client login and server login, why loginContext.login() gets called again in the end? Perhaps loginContext.logout().
      4. It also considers IBM JDK. Ref current UGI implementation, looks like it needs to set KRB5CCNAME system property and useDefaultCcache option specifically.

      It’s good to test login using keytab as current provided facility and test does. Is it also possible to test login via ticket cache or how to automatically generate ticket cache with specified principal without execution of kinit? This is important to cover user Kerberos login (with kinit) if possible using MiniKdc.


        Issue Links


          This comment will be Viewable by All Users Viewable by All Users


            drankye Kai Zheng
            drankye Kai Zheng




                Issue deployment