[
https://issues.apache.org/jira/browse/HADOOP-9019?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13498691#comment-13498691
]
Vinay commented on HADOOP-9019:
-------------------------------
Hi Aaron,
Your explanation is correct. Anyway I am not worried about hdfs principal, for
that any alternative principal name instead of "_HOST" such as 'hdfs/hadoop'
will work. But especially for SPNEGO, we need 'HTTP' principal in the form of
'HTTP/<hostname>' only.
In a private cluster where machines dont have any DNS server and also mapping
of all ip/hostnames may not be present in /etc/hosts. In that case we may need
to use IP instead of hostname in configs.
So in that case, we need to resolve the above problem.
> KerberosAuthenticator.doSpnegoSequence(..) should create a HTTP principal
> with hostname everytime
> --------------------------------------------------------------------------------------------------
>
> Key: HADOOP-9019
> URL: https://issues.apache.org/jira/browse/HADOOP-9019
> Project: Hadoop Common
> Issue Type: Bug
> Reporter: Vinay
>
> in KerberosAuthenticator.doSpnegoSequence(..) following line of code will
> just create a principal of the form "HTTP/<host>",
> {code} String servicePrincipal =
> KerberosUtil.getServicePrincipal("HTTP",
> KerberosAuthenticator.this.url.getHost());{code}
> but uri.getHost() is not sure of always getting hostname. If uri contains
> IP, then it just returns IP.
> For SPNEGO authentication principal should always be created with <hostname>.
> This code should be something like this, which will look /etc/hosts to get
> hostname
> {code} String hostname = InetAddress.getByName(
> KerberosAuthenticator.this.url.getHost()).getHostName();
> String servicePrincipal = KerberosUtil.getServicePrincipal("HTTP",
> hostname);{code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
