[ https://issues.apache.org/jira/browse/HADOOP-10183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15312531#comment-15312531 ]

Hadoop QA commented on HADOOP-10183:
------------------------------------

| (x) *{color:red}-1 overall{color}* |
\\
\\
|| Vote || Subsystem || Runtime || Comment ||
| {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 0m 0s {color} | {color:blue} Docker mode activated. {color} |
| {color:blue}0{color} | {color:blue} patch {color} | {color:blue} 0m 2s {color} | {color:blue} The patch file was not named according to hadoop's naming conventions. Please see https://wiki.apache.org/hadoop/HowToContribute for instructions. {color} |
| {color:red}-1{color} | {color:red} patch {color} | {color:red} 0m 4s {color} | {color:red} HADOOP-10183 does not apply to trunk. Rebase required? Wrong Branch? See https://wiki.apache.org/hadoop/HowToContribute for help. {color} |
\\
\\
|| Subsystem || Report/Notes ||
| JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/12620891/HADOOP-10183.patch.1 |
| JIRA Issue | HADOOP-10183 |
| Console output | https://builds.apache.org/job/PreCommit-HADOOP-Build/9651/console |
| Powered by | Apache Yetus 0.4.0-SNAPSHOT   http://yetus.apache.org |


This message was automatically generated.



> Allow use of UPN style principals in keytab files
> -------------------------------------------------
>
>                 Key: HADOOP-10183
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10183
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 2.2.0
>            Reporter: Mubashir Kazia
>            Assignee: Mubashir Kazia
>              Labels: BB2015-05-TBR
>         Attachments: AppConnection.java, HADOOP-10183.patch, 
> HADOOP-10183.patch.1, Jaas.java, SaslTestClient.java, SaslTestServer.java, 
> hdfs.keytab, jaas-krb5.conf, krb5.conf
>
>
> Hadoop currently only allows SPN style (e.g. hdfs/node.fqdn@REALM) principals 
> in keytab files in a cluster configured with Kerberos security. This causes 
> the burden of creating multiple principals and keytabs for each node of the 
> cluster. Active Directory allows the use of a single principal across multiple 
> hosts if the SPNs for different hosts have been set up correctly on the 
> principal. With this scheme we have the server side using a keytab file with 
> a UPN style (e.g. hdfs@REALM) principal for a given service for all the nodes 
> of the cluster. The client side will request service tickets with the SPN and 
> its own TGT, and Active Directory will grant service tickets with the correct 
> secret. 
> This will simplify the use of principals and keytab files for Active 
> Directory users with one principal for each service across all the nodes of 
> the cluster. 
> I have a patch to allow the use of UPN style principals in Hadoop. The patch 
> will not affect the use of SPN style principals. I couldn't figure out a way 
> to write test cases against MiniKDC, so I have included the Oracle/Sun sample 
> SASL server and client code along with the configuration I used to confirm 
> this scheme works. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
