[ https://issues.apache.org/jira/browse/HADOOP-9446?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13619441#comment-13619441 ]

Yu Gao commented on HADOOP-9446:
--------------------------------

The branch 1 patch also includes patches from HADOOP-9283 and HADOOP-9305 which 
fixed UGI for IBM JDK only in branch 2.

To test the patches, one needs to use IBM JDK. I tested them by starting Hadoop 
daemons with security enabled (including Kerberos HTTP SPNEGO authentication), 
and verified that SecondaryNameNode was successfully checkpointing. Also tested 
accessing NN/DN/SNN/JT/TT Web UI, and accessing HDFS/submitting jobs through 
Hadoop client. All worked as expected.

Attached a simple standalone testcase which can verify the patches with IBM JDK 
as well.
                
> Support Kerberos HTTP SPNEGO authentication for non-SUN JDK
> -----------------------------------------------------------
>
>                 Key: HADOOP-9446
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9446
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 1.1.1, 2.0.2-alpha
>            Reporter: Yu Gao
>            Assignee: Yu Gao
>         Attachments: HADOOP-9446-branch-1.patch, HADOOP-9446-branch-2.patch, 
> HADOOP-9446.patch
>
>
> Classes KerberosAuthenticator and KerberosAuthenticationHandler currently only 
> support running with SUN JDK when Kerberos is enabled. In order to support 
> alternative JDKs like IBM JDK, which has different options supported by 
> Krb5LoginModule and different login module classes, the HTTP Kerberos 
> authentication classes need to be changed.
> In addition, NT_GSS_KRB5_PRINCIPAL, which is used in KerberosAuthenticator to 
> get the corresponding oid instance, is a field defined in SUN JDK, but not in 
> IBM JDK.
> This JIRA is to fix the existing problems and add support for Kerberos HTTP 
> SPNEGO authentication with non-SUN JDK.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
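
The vendor difference described in the issue, sketched as an added example (not code from the attached patches or from Hadoop): a JAAS `Configuration` that picks the login module class and its acceptor-side options per JDK vendor, and builds the Kerberos principal name-type OID from its RFC 1964 dotted string instead of a vendor-specific field. The class name, principal and keytab path are constructed, and the IBM option names (`useKeytab`, `credsType`) are assumptions to check against the IBM JDK documentation for the version in use.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.Oid;

// Hypothetical class name; illustrates the portability problem only.
public class PortableKrb5Config extends Configuration {
    // Assumption: the vendor is detected from the java.vendor system property.
    static final boolean IBM_JAVA = System.getProperty("java.vendor").contains("IBM");
    private final String principal;
    private final String keytab;

    public PortableKrb5Config(String principal, String keytab) {
        this.principal = principal;
        this.keytab = keytab;
    }

    static String loginModuleName() {
        return IBM_JAVA ? "com.ibm.security.auth.module.Krb5LoginModule"
                        : "com.sun.security.auth.module.Krb5LoginModule";
    }

    // RFC 1964 Kerberos principal name type; needs no vendor-specific constant.
    static Oid krb5PrincipalNameType() throws GSSException {
        return new Oid("1.2.840.113554.1.2.2.1");
    }

    @Override
    public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
        Map<String, String> options = new HashMap<>();
        options.put("principal", principal);
        options.put("refreshKrb5Config", "true");
        if (IBM_JAVA) {              // IBM module: keytab as file URL, acceptor-only creds
            options.put("useKeytab", keytab.startsWith("file://") ? keytab : "file://" + keytab);
            options.put("credsType", "acceptor");
        } else {                     // Sun/Oracle module: never prompt, never act as initiator
            options.put("useKeyTab", "true");
            options.put("keyTab", keytab);
            options.put("storeKey", "true");
            options.put("doNotPrompt", "true");
            options.put("isInitiator", "false");
        }
        return new AppConfigurationEntry[] {
            new AppConfigurationEntry(loginModuleName(), LoginModuleControlFlag.REQUIRED, options) };
    }

    public static void main(String[] args) throws GSSException {
        // Constructed sample values, not taken from the issue.
        Configuration c = new PortableKrb5Config("HTTP/host.example.com@EXAMPLE.COM", "/etc/security/http.keytab");
        AppConfigurationEntry e = c.getAppConfigurationEntry("server")[0];
        System.out.println(e.getLoginModuleName() + " " + e.getOptions() + " " + krb5PrincipalNameType());
    }
}
```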