[ https://issues.apache.org/jira/browse/HADOOP-16214?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16803018#comment-16803018 ]

Erik Krogen commented on HADOOP-16214:
--------------------------------------

I see some discussion of Hadoop's handling of Kerberos names containing slashes 
in HADOOP-12751 (starting 
[here|https://issues.apache.org/jira/browse/HADOOP-12751?focusedCommentId=15124818&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-15124818]).
 It looks like eventually it was decided that it makes sense to allow Kerberos 
identities which contain slashes in a way that doesn't conform with Hadoop's 
normal expectation of {{user/host@realm}} (see 
[this|https://issues.apache.org/jira/browse/HADOOP-12751?focusedCommentId=15239016&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-15239016]).
 So it seems to me that it would be worthwhile to fix this issue.

Ping [~templedf], [~steve_l], [~daryn] who have been involved in previous 
efforts in this area.

> Kerberos name implementation in Hadoop does not accept principals with more 
> than two components
> -----------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-16214
>                 URL: https://issues.apache.org/jira/browse/HADOOP-16214
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: auth
>            Reporter: Issac Buenrostro
>            Priority: Major
>
> org.apache.hadoop.security.authentication.util.KerberosName is in charge of 
> converting a Kerberos principal to a user name in Hadoop for all of the 
> services requiring authentication.
> Although the Kerberos spec 
> ([https://web.mit.edu/kerberos/krb5-1.5/krb5-1.5.4/doc/krb5-user/What-is-a-Kerberos-Principal_003f.html])
>  allows for an arbitrary number of components in the principal, the Hadoop 
> implementation will throw a "Malformed Kerberos name:" error if the principal 
> has more than two components (because the regex can only read serviceName and 
> hostName).



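The failure described in the issue, as an added example that is not part of the original message and is not Hadoop's code: a pattern with only a primary slot and one instance slot cannot match a principal with three components, while a split on the final `@` and on `/` handles any number. The class name, the pattern and the sample principals are assumptions constructed for illustration, and backslash-escaped separators are not handled.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

public class PrincipalComponents {
    // Assumed two-slot pattern in the style the issue describes: one primary,
    // at most one instance, optional realm. Not copied from the Hadoop source.
    static final Pattern TWO_SLOT =
        Pattern.compile("([^/@]+)(/([^/@]+))?(@([^/@]+))?");

    /** True when the whole principal fits the two-slot pattern. */
    static boolean fitsTwoSlots(String principal) {
        return TWO_SLOT.matcher(principal).matches();
    }

    /** Splits name[/component...][@realm]; the last element is the realm, "" if absent. */
    static List<String> split(String principal) {
        int at = principal.lastIndexOf('@');
        String realm = at < 0 ? "" : principal.substring(at + 1);
        String name = at < 0 ? principal : principal.substring(0, at);
        if (at >= 0 && realm.isEmpty()) {
            throw new IllegalArgumentException("Malformed Kerberos name: " + principal);
        }
        List<String> parts = new ArrayList<>();
        for (String c : name.split("/", -1)) {
            // Reject empty components and a stray '@' inside the name part.
            if (c.isEmpty() || c.indexOf('@') >= 0) {
                throw new IllegalArgumentException("Malformed Kerberos name: " + principal);
            }
            parts.add(c);
        }
        parts.add(realm);
        return parts;
    }

    public static void main(String[] args) {
        // Constructed sample principals with one, two and three components.
        String[] samples = {
            "alice@EXAMPLE.COM",
            "hdfs/nn1.example.com@EXAMPLE.COM",
            "svc/team/nn1.example.com@EXAMPLE.COM"
        };
        for (String p : samples) {
            System.out.println(p + " twoSlot=" + fitsTwoSlots(p) + " components=" + split(p));
        }
    }
}
```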