[
https://issues.apache.org/jira/browse/HADOOP-9679?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13698542#comment-13698542
]
Alejandro Abdelnur commented on HADOOP-9679:
--------------------------------------------
Lulynn,
bq. But from user side, I think it will be better if we can configure
kerberos.name.rules at a configuration file(if set it in servers configuration
file, it does not work directly). And use a default value if user did not set
this property in his authFilter, just like other kerberos properties set in
hdfs-site.xml/core-site.xml.
you don't need to hardcode it, it can be set it the configuration you use for
the authentication filter. The hadoop-auth AuthenticationFilter takes its
configuration from the filter definition in the web.xml. But you can create a
subclass that overrides the getConfiguration(String configPrefix, FilterConfig
filterConfig) to read it from any other place. The javadocs explain how config
prefixes are handled.
Again, as I mentioned in my previous comment, the patch is not correct, you
don't want to set the name.rules on every authentication request. This is an
init thing, and it already handled. You have to set your config to 'DEFAULT;
and you are done.
IMO, this is not a bug.
> KerberosName.rules are not initialized during adding kerberos support to a
> web servlet using hadoop authentications
> -------------------------------------------------------------------------------------------------------------------
>
> Key: HADOOP-9679
> URL: https://issues.apache.org/jira/browse/HADOOP-9679
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 1.1.1, 2.0.4-alpha
> Reporter: fang fang chen
> Fix For: 2.1.0-beta
>
> Attachments: HADOOP-9679.patch
>
>
> I am using hadoop-1.1.1 to add kerberos authentication to a web service. But
> found rules are not initialized, that makes following error happened:
> java.lang.NullPointerException
> at
> org.apache.hadoop.security.KerberosName.getShortName(KerberosName.java:384)
> at
> org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler$2.run(KerberosAuthenticationHandler.java:328)
> at
> org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler$2.run(KerberosAuthenticationHandler.java:302)
> at
> java.security.AccessController.doPrivileged(AccessController.java:310)
> at javax.security.auth.Subject.doAs(Subject.java:573)
> at
> org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:302)
> at
> org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:340)
> Seems in hadoop-2.0.4-alpha branch, this issue still is still there.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
