Xiaoyu Yao created HADOOP-13520:
-----------------------------------
Summary: Document HADOOP-10158 for multi home/SPN support of HTTP
principles
Key: HADOOP-13520
URL: https://issues.apache.org/jira/browse/HADOOP-13520
Project: Hadoop Common
Issue Type: Improvement
Reporter: Xiaoyu Yao
Assignee: Xiaoyu Yao
With HADOOP-10158, it is possible to load multiple principal names or all HTTP
principals in the key tab by specifying “*” for multi home/realm scenarios
where multiple SPNs exist for HTTP.
This ticket is opened to
1) Document the newly supported option * for HTTP principles such as
hadoop.http.authentication.kerberos.principal.
2) Change the hadoop.http.authentication.kerberos.principal in core-default.xml
from
{code}
<property>
<name>hadoop.http.authentication.kerberos.principal</name>
<value>HTTP/_HOST@LOCALHOST</value>
<description>
Indicates the Kerberos principal to be used for HTTP endpoint.
The principal MUST start with 'HTTP/' as per Kerberos HTTP SPNEGO
specification.
</description>
</property>
{code}
to save one more configuration key needed.
{code}
<property>
<name>hadoop.http.authentication.kerberos.principal</name>
<value>*</value>
<description>
Indicates using all the Kerberos principals from
hadoop.http.authentication.kerberos.keytab for Kerberos HTTP SPNEGO
authentication, which is needed for multiple interface/SPN scenarios.
</description>
</property>
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
