[
https://issues.apache.org/jira/browse/HADOOP-8518?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13398918#comment-13398918
]
Alejandro Abdelnur commented on HADOOP-8518:
--------------------------------------------
@Daryn, the hadoop-auth SPNEGO client creates a token with HTTP/<HOST> as
server principal where <HOST> is the host specifid in the URL. If you are using
a hostname alias, then the resolved server principal will be HTTP<HOST-alias>.
Then problem is that the KDC will not recognize this principal because it does
not exist. This means that the hadoop-auth SPNEGO client should find out what
is the real hostname to use as <HOST>. Hope this clarifies.
> SPNEGO client side should use KerberosName rules
> ------------------------------------------------
>
> Key: HADOOP-8518
> URL: https://issues.apache.org/jira/browse/HADOOP-8518
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 1.0.3, 2.0.0-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Fix For: 1.1.0, 2.0.1-alpha
>
>
> currently KerberosName is used only on the server side to resolve the client
> name, we should use it on the client side as well to resolve the server name
> before getting the kerberos ticket.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
