[
https://issues.apache.org/jira/browse/HADOOP-7988?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13194959#comment-13194959
]
Allen Wittenauer commented on HADOOP-7988:
------------------------------------------
bq. So, if DNS servers and Kerberos servers disagree on hostname case usage
and/or sensitivity, authentication won't work.
Right. Which is why prior to 4150, forcing case at the app layer could result
in all sorts of surprising behavior since, as you pointed out, it was
ill-defined. The expectation was that the Kerberos principals would be set up
to *match* DNS in those cases where DNS itself didn't return lower case. So if
your DNS server responded with hostname.Example.ORG, then your host principal
would be host/hostname.Example.ORG. From an administrative perspective, this
was worked around by including both the "real" name and the folded name
principals in the realm and associated keytabs.
> Upper case in hostname part of the principals doesn't work with kerberos.
> -------------------------------------------------------------------------
>
> Key: HADOOP-7988
> URL: https://issues.apache.org/jira/browse/HADOOP-7988
> Project: Hadoop Common
> Issue Type: Bug
> Affects Versions: 0.24.0, 0.23.1, 1.0.0
> Reporter: Jitendra Nath Pandey
> Assignee: Jitendra Nath Pandey
> Attachments: HADOOP-7988.branch-1.patch
>
>
> Kerberos doesn't like upper case in the hostname part of the principals.
> This issue has been seen in 23 as well as 1.0.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
