[
https://issues.apache.org/jira/browse/HADOOP-15440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16898846#comment-16898846
]
He Xiaoqiao commented on HADOOP-15440:
--------------------------------------
[~eyang], I try to recall changes about this patch, and it seems that it is
same as {{SecurityUtil#getServerPrincipal}} which is not import by submodule
`hadoop-common`.
for case `test/test/test`, it will split to [test,test,test] but
`components[1]` is not equals to `_HOST`, so it will not be replaced.
for case `test/_HOST/test`, it will be replaced to `test/$hostname/test`.
{quote}While this works fine for server with single network interface. It can
create problems for multi-homed network that getCanonicalHostName doesn't
return the desired hostname.{quote}
it is true. it seems {{DNS.getHosts}} give one choice, any suggestions? Thanks
again.
> Support kerberos principal name pattern for KerberosAuthenticationHandler
> -------------------------------------------------------------------------
>
> Key: HADOOP-15440
> URL: https://issues.apache.org/jira/browse/HADOOP-15440
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Reporter: He Xiaoqiao
> Assignee: He Xiaoqiao
> Priority: Major
> Attachments: HADOOP-15440-trunk.001.patch, HADOOP-15440.002.patch
>
>
> When setup HttpFS server or KMS server in security mode, we have to config
> kerberos principal for these service, it doesn't support to convert Kerberos
> principal name pattern to valid Kerberos principal names whereas
> NameNode/DataNode and many other service can do that, so it makes confused
> for users. so I propose to replace hostname pattern with hostname, which
> should be fully-qualified domain name.
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
