[jira] [Commented] (HADOOP-9019) KerberosAuthenticator.doSpnegoSequence(..) should create a HTTP principal with hostname everytime

Thu, 15 Nov 2012 10:58:14 -0800 

    [ 
https://issues.apache.org/jira/browse/HADOOP-9019?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13498245#comment-13498245
 ] 

Aaron T. Myers commented on HADOOP-9019:
----------------------------------------

He can use the _HOST macro, but that's not the issue. In some places in the 
code _HOST is replaced with the literal address specified in some config 
property. My understanding is Vinay wants to do something like this:

{code}
<property>
  <name>fs.defaultFS</name>
  <value>hdfs://192.168.0.2</value>
</property>
<property>
  <name>dfs.namenode.kerberos.principal</name>
  <value>hdfs/[email protected]</value>
</property>
{code}

However, this will result in Hadoop concluding the appropriate principal name 
is "hdfs/[email protected]". What Vinay is proposing is that Hadoop do a 
reverse lookup on 192.168.0.2 before forming the principal name, so that the 
expected principal is determined to be "hdfs/[email protected]".

It's still not clear to me why putting the IP address in the configs is ever 
desirable, though. In the example above, why not just set {{fs.defaultFS}} to 
"{{hdfs://host1.example.com}}"?
                
> KerberosAuthenticator.doSpnegoSequence(..) should create a HTTP principal 
> with hostname everytime 
> --------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-9019
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9019
>             Project: Hadoop Common
>          Issue Type: Bug
>            Reporter: Vinay
>
> in KerberosAuthenticator.doSpnegoSequence(..) following line of code will 
> just create a principal of the form "HTTP/<host>",
> {code}            String servicePrincipal = 
> KerberosUtil.getServicePrincipal("HTTP",
>                 KerberosAuthenticator.this.url.getHost());{code}
>  but uri.getHost() is not sure of always getting hostname. If uri contains 
> IP, then it just returns IP.
> For SPNEGO authentication principal should always be created with <hostname>.
> This code should be something like this, which will look /etc/hosts to get 
> hostname
> {code}            String hostname = InetAddress.getByName(
>                 KerberosAuthenticator.this.url.getHost()).getHostName();
> String servicePrincipal = KerberosUtil.getServicePrincipal("HTTP",
>                 hostname);{code}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to