Details
-
Improvement
-
Status: Open
-
Major
-
Resolution: Unresolved
-
None
-
None
-
None
Description
In org.apache.hadoop.minikdc.TestMiniKdc:
- In testKeytabGen(), it comments principals use \ instead of /, does this mean the principal must use \ instead of / to use MiniKdc for test cases? If so, should HADOOP_SECURITY_AUTH_TO_LOCAL consider this?
- In testKerberosLogin(), what’s the meant difference between client login and server login? I see isInitiator option is set true or false respectively, but I’m not sure about that.
- Both in client login and server login, why loginContext.login() gets called again in the end? Perhaps loginContext.logout().
- It also considers IBM JDK. Ref current UGI implementation, looks like it needs to set KRB5CCNAME system property and useDefaultCcache option specifically.
It’s good to test login using keytab as current provided facility and test does. Is it also possible to test login via ticket cache or how to automatically generate ticket cache with specified principal without execution of kinit? This is important to cover user Kerberos login (with kinit) if possible using MiniKdc.
Attachments
Issue Links
- is related to
-
HADOOP-9848 Create a MiniKDC for use with security testing
-
- Closed
-
- relates to
-
-
- Closed
-
- requires
-
-
- Open
-