[ https://issues.apache.org/jira/browse/HADOOP-8043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13205027#comment-13205027 ]
Alejandro Abdelnur commented on HADOOP-8043:
--------------------------------------------
Ok, so #2 should be a backport of what is in branch-1.0.

Thanks for explaining why you moved the login-context initialization from the
init() to the authenticate() method. The current code does not ask for the local
hostname to create the principal; it gets it from the config file. You should
set the right principal in the config file. In your patch you are doing the
initialization only once (if NULL); first, you could have a race condition here,
resulting in a double initialization; second, if different requests may come with
different hostnames because of your VIP, then your patch won't work.

It would be great if you explain what the problem is in detail, as I may be
missing something here. Also, the problem would be in trunk as well, so we
should fix it there as well.

Thanks and regards.
> KerberosAuthenticationFilter and friends have some problems
> -----------------------------------------------------------
>
> Key: HADOOP-8043
> URL: https://issues.apache.org/jira/browse/HADOOP-8043
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 1.0.0
> Reporter: Allen Wittenauer
> Priority: Critical
> Attachments: HADOOP-8043-branch-1.0.txt
>
>
> KerberosAuthenticationFilter and friends have three killer usability issues
> and bugs:
> 1. Documentation is misleading/wrong.
> 2. Shared secret stored in a world readable file.
> 3. Lacks support for _HOST macro
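
Added example (not from the attached patch or from Hadoop's code): one way to handle both points raised in the comment above, the double initialization under concurrent requests and requests arriving under different hostnames, is a concurrent map keyed by hostname. ServerLogin, loginFor, the HTTP/ principal shape and the example.com names are hypothetical stand-ins; no real Kerberos login is performed.

```java
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;

public class PerHostLoginCache {
    // Hypothetical stand-in for an expensive Kerberos login; no JAAS/KDC calls are made.
    static final class ServerLogin {
        final String principal;
        ServerLogin(String principal) { this.principal = principal; }
    }

    static final AtomicInteger logins = new AtomicInteger();
    static final ConcurrentHashMap<String, ServerLogin> cache = new ConcurrentHashMap<>();

    // An unsynchronized "if (login == null) login = create()" can run create()
    // twice when two requests arrive together, and it pins one hostname forever.
    // computeIfAbsent runs the mapping function at most once per key, so each
    // hostname gets exactly one initialization even under concurrent requests.
    static ServerLogin loginFor(String requestHost) {
        return cache.computeIfAbsent(requestHost, host -> {
            logins.incrementAndGet();
            return new ServerLogin("HTTP/" + host + "@EXAMPLE.COM"); // constructed realm
        });
    }

    public static void main(String[] args) throws Exception {
        String[] hosts = {"vip.example.com", "node1.example.com"}; // constructed names
        ExecutorService pool = Executors.newFixedThreadPool(8);
        CountDownLatch start = new CountDownLatch(1);
        for (int i = 0; i < 200; i++) {
            final String host = hosts[i % hosts.length];
            pool.submit(() -> {
                start.await();        // hold every request until all are queued
                return loginFor(host);
            });
        }
        start.countDown();            // release the requests at once
        pool.shutdown();
        pool.awaitTermination(10, TimeUnit.SECONDS);
        // Reports how many initializations ran and how many principals are cached.
        System.out.println("logins=" + logins.get() + " principals=" + cache.size());
    }
}
```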