[ https://issues.apache.org/jira/browse/HADOOP-8883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13807696#comment-13807696 ]
Robert Kanter commented on HADOOP-8883:
---------------------------------------
Looking at that code snippet, it does indeed seem that the
{{Authorization}} header would be excluded and return {{null}}. But then it
seems weird that this had fixed the problem. There's a unit test and we saw it
fix the issue in OOZIE-1010.

Is it possible that OpenJDK 1.7, OpenJDK 1.6, and Oracle JDK 7 exclude the
header but Oracle JDK 6 does not? If so, then this could be a JDK
compatibility issue, and we should create a new JIRA to figure out a new way of
fixing this.

Can you check if the unit test in the patch
{{TestKerberosAuthenticator#testFallbacktoPseudoAuthenticatorAnonymous}} fails
on OpenJDK 1.7, OpenJDK 1.6, or Oracle JDK 7? I'm sure it passes on Oracle JDK
6.

> Anonymous fallback in KerberosAuthenticator is broken
> -----------------------------------------------------
>
> Key: HADOOP-8883
> URL: https://issues.apache.org/jira/browse/HADOOP-8883
> Project: Hadoop Common
> Issue Type: Bug
> Affects Versions: 2.0.3-alpha
> Reporter: Robert Kanter
> Assignee: Robert Kanter
> Labels: security
> Fix For: 2.0.3-alpha
>
> Attachments: HADOOP-8883.patch
>
>
> HADOOP-8855 changed KerberosAuthenticator to handle when the JDK did the
> SPNEGO already; but this change broke using the fallback authenticator
> (PseudoAuthenticator) with an anonymous user (see OOZIE-1010).