[ https://issues.apache.org/jira/browse/HADOOP-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13464217#comment-13464217 ]
Andy Isaacson commented on HADOOP-8855: --------------------------------------- I tested Todd's patch on a cluster with various permutations of krb5 and SSL. With the patched JAR, all of my tests passed. - hadoop.security.authentication=kerberos hadoop.ssl.enabled=true: dfsadmin -fetchImage works. - hadoop.security.authentication=simple hadoop.ssl.enabled=true: fetchImage works. - hadoop.security.authentication=kerberos hadoop.ssl.enabled=false: fetchImage works. I also duplicated Todd's observation that {{dfsadmin -fetchImage}} does not work on krb5 without the doAs. > SSL-based image transfer does not work when Kerberos is disabled > ---------------------------------------------------------------- > > Key: HADOOP-8855 > URL: https://issues.apache.org/jira/browse/HADOOP-8855 > Project: Hadoop Common > Issue Type: Bug > Components: security > Affects Versions: 3.0.0, 2.0.2-alpha > Reporter: Todd Lipcon > Assignee: Todd Lipcon > Priority: Minor > Attachments: hadoop-8855.txt, hadoop-8855.txt, hadoop-8855.txt > > > In SecurityUtil.openSecureHttpConnection, we first check > {{UserGroupInformation.isSecurityEnabled()}}. However, this only checks the > kerberos config, which is independent of {{hadoop.ssl.enabled}}. Instead, we > should check {{HttpConfig.isSecure()}}. > Credit to Wing Yew Poon for discovering this bug -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira