[
https://issues.apache.org/jira/browse/HADOOP-15440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17064250#comment-17064250
]
Xiaoqiao He commented on HADOOP-15440:
--------------------------------------
Thanks [~eyang] for your suggestions and I am very sorry for missing this JIRA
for long time.
{quote}for case `test/_HOST/test`, it will be replaced to `test/$hostname/test`.
It probably should throw error if the format is not a proper kerberos service
principal.{quote}
it could be checked in the following statement for this case IIUC.
{quote}Principal krbPrincipal = new KerberosPrincipal(spng);{quote}
{quote}I think Hadoop is using hadoop.security.dns.interface to determine which
hostname to bind. This may help for the hostname lookup.{quote}
It is true that using `hadoop.security.dns.interface` is more accurate.
Actually this logic is implement completely in `SecurityUtil` but when I want
to import `hadoop-common` to sub-module `hadoop-auth` it throws cyclic
reference exception. So my question is if we need add same logic at sub-module
`hadoop-auth` or some other solutions? Sorry I am not very familiar with this
module. Thanks again.
> Support kerberos principal name pattern for KerberosAuthenticationHandler
> -------------------------------------------------------------------------
>
> Key: HADOOP-15440
> URL: https://issues.apache.org/jira/browse/HADOOP-15440
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Reporter: Xiaoqiao He
> Assignee: Xiaoqiao He
> Priority: Major
> Attachments: HADOOP-15440-trunk.001.patch, HADOOP-15440.002.patch
>
>
> When setup HttpFS server or KMS server in security mode, we have to config
> kerberos principal for these service, it doesn't support to convert Kerberos
> principal name pattern to valid Kerberos principal names whereas
> NameNode/DataNode and many other service can do that, so it makes confused
> for users. so I propose to replace hostname pattern with hostname, which
> should be fully-qualified domain name.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
