[
https://issues.apache.org/jira/browse/HADOOP-8518?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13403178#comment-13403178
]
Alejandro Abdelnur commented on HADOOP-8518:
--------------------------------------------
(I'm not an expert either, just know a bit about it :) ) Yes, the MiM attack
would require a valid principal/credentials (a keytab). In a large cluster
setup, with 1000s machines this would mean that 1 rogue machine could do a MiM.
> SPNEGO client side should use KerberosName rules
> ------------------------------------------------
>
> Key: HADOOP-8518
> URL: https://issues.apache.org/jira/browse/HADOOP-8518
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 1.0.3, 2.0.0-alpha
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
> Fix For: 1.1.0, 2.0.1-alpha
>
>
> currently KerberosName is used only on the server side to resolve the client
> name, we should use it on the client side as well to resolve the server name
> before getting the kerberos ticket.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
