[
https://issues.apache.org/jira/browse/HADOOP-8518?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13398823#comment-13398823
]
Rohini Palaniswamy commented on HADOOP-8518:
--------------------------------------------
Tucu,
The client should support Server principal canonicalization through DNS. It
is one of the standard practices and many clients like curl, Firefox do it.
http://books.google.com/books?id=dGMd-uay-lkC&pg=PT232&lpg=PT232
http://docs.oracle.com/cd/E19253-01/816-4557/planning-25/index.html
Having to configure hadoop.security.auth_to_local for something that is a very
common Kerberos practice/standard is not ideal.
> SPNEGO client side should use KerberosName rules
> ------------------------------------------------
>
> Key: HADOOP-8518
> URL: https://issues.apache.org/jira/browse/HADOOP-8518
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 1.0.3, 2.0.0-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Fix For: 1.1.0, 2.0.1-alpha
>
>
> currently KerberosName is used only on the server side to resolve the client
> name, we should use it on the client side as well to resolve the server name
> before getting the kerberos ticket.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
