[
https://issues.apache.org/jira/browse/HADOOP-15440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16898547#comment-16898547
]
Eric Yang commented on HADOOP-15440:
------------------------------------
Not sure about this code:
{code:java}
String[] components = principalConfig.split("[/@]");
{code}
What happen if princpalConfig string is "test/test/test"?
Not sure about this code:
{code:java}
fqdn = InetAddress.getLocalHost().getCanonicalHostName();{code}
While this works fine for server with single network interface. It can create
problems for multi-homed network that getCanonicalHostName doesn't return the
desired hostname.
Some context is required to make the conversion proper. I am unsure the
generalization is a good idea without proper context.
> Support kerberos principal name pattern for KerberosAuthenticationHandler
> -------------------------------------------------------------------------
>
> Key: HADOOP-15440
> URL: https://issues.apache.org/jira/browse/HADOOP-15440
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Reporter: He Xiaoqiao
> Assignee: He Xiaoqiao
> Priority: Major
> Attachments: HADOOP-15440-trunk.001.patch, HADOOP-15440.002.patch
>
>
> When setup HttpFS server or KMS server in security mode, we have to config
> kerberos principal for these service, it doesn't support to convert Kerberos
> principal name pattern to valid Kerberos principal names whereas
> NameNode/DataNode and many other service can do that, so it makes confused
> for users. so I propose to replace hostname pattern with hostname, which
> should be fully-qualified domain name.
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
