[ https://issues.apache.org/jira/browse/HADOOP-18573?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17648013#comment-17648013 ]
ASF GitHub Bot commented on HADOOP-18573: ----------------------------------------- steveloughran merged PR #5221: URL: https://github.com/apache/hadoop/pull/5221 > Improve error reporting on non-standard kerberos names > ------------------------------------------------------ > > Key: HADOOP-18573 > URL: https://issues.apache.org/jira/browse/HADOOP-18573 > Project: Hadoop Common > Issue Type: Improvement > Components: security > Affects Versions: 3.3.4 > Reporter: Steve Loughran > Assignee: Steve Loughran > Priority: Blocker > Labels: pull-request-available > > The kerberos RFC does not declare any restriction on > characters used in kerberos names, though > implementations MAY be more restrictive. > If the kerberos controller supports use non-conventional > user names *and the kerberos admin chooses to use them* > this can confuse some of the parsing. > The obvious solution is for the enterprise admins to "not do that" > as a lot of things break, bits of hadoop included. > Harden the hadoop code slightly so at least we fail more gracefully, > so people can then get in touch with their sysadmin and tell them > to stop it. > Note: given the kerberos admin is implicitly a superuser, being > able to create malformed principal names. > doesn't give them any privileges, just offers a different way > to stop the cluster working. -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org