Kai Zheng created HADOOP-9881:
---------------------------------
Summary: Some questions and possible improvement for
MiniKdc/TestMiniKdc
Key: HADOOP-9881
URL: https://issues.apache.org/jira/browse/HADOOP-9881
Project: Hadoop Common
Issue Type: Improvement
Components: security
Reporter: Kai Zheng
In org.apache.hadoop.minikdc.TestMiniKdc:
# In testKeytabGen(), it comments ??principals use \ instead of /??, does this
mean the principal must use \ instead of / to use MiniKdc for test cases? If
so, should *HADOOP_SECURITY_AUTH_TO_LOCAL* consider this?
# In testKerberosLogin(), what’s the meant difference between client login and
server login? I see isInitiator option is set true or false respectively, but
I’m not sure about that.
# Both in client login and server login, why loginContext.login() gets called
again in the end? Perhaps loginContext.logout().
# It also considers IBM JDK. Ref current UGI implementation, looks like it
needs to set KRB5CCNAME system property and useDefaultCcache option
specifically.
It’s good to test login using keytab as current provided facility and test
does. Is it also possible to test login via ticket cache or how to
automatically generate ticket cache with specified principal without execution
of kinit? This is important to cover user Kerberos login (with kinit) if
possible using MiniKdc.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
