Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-9881

Some questions and possible improvement for MiniKdc/TestMiniKdc

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: security
    • Labels:
      None

      Description

      In org.apache.hadoop.minikdc.TestMiniKdc:

      1. In testKeytabGen(), it comments principals use \ instead of /, does this mean the principal must use \ instead of / to use MiniKdc for test cases? If so, should HADOOP_SECURITY_AUTH_TO_LOCAL consider this?
      2. In testKerberosLogin(), what’s the meant difference between client login and server login? I see isInitiator option is set true or false respectively, but I’m not sure about that.
      3. Both in client login and server login, why loginContext.login() gets called again in the end? Perhaps loginContext.logout().
      4. It also considers IBM JDK. Ref current UGI implementation, looks like it needs to set KRB5CCNAME system property and useDefaultCcache option specifically.

      It’s good to test login using keytab as current provided facility and test does. Is it also possible to test login via ticket cache or how to automatically generate ticket cache with specified principal without execution of kinit? This is important to cover user Kerberos login (with kinit) if possible using MiniKdc.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                drankye Kai Zheng
                Reporter:
                drankye Kai Zheng
              • Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated: