[
https://issues.apache.org/jira/browse/HADOOP-8883?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13810561#comment-13810561
]
Robert Kanter commented on HADOOP-8883:
---------------------------------------
I was talking to [~tucu00] about this, and he could go into more detail, but
from what I understand, the JDK doesn't quite implement the spec correctly, and
in some cases it will do SPNEGO when we weren't expecting it to yet. So, while
we can do it again (as the code always does now), that's wasteful and we can
just extract the token in that case (what the code is supposed to be doing).
In any case, you are correct that the first {{if}} block is never executed
because of the change introduced by this JIRA. I'll work on a fix for that and
create a new JIRA soon.
> Anonymous fallback in KerberosAuthenticator is broken
> -----------------------------------------------------
>
> Key: HADOOP-8883
> URL: https://issues.apache.org/jira/browse/HADOOP-8883
> Project: Hadoop Common
> Issue Type: Bug
> Affects Versions: 2.0.3-alpha
> Reporter: Robert Kanter
> Assignee: Robert Kanter
> Labels: security
> Fix For: 2.0.3-alpha
>
> Attachments: HADOOP-8883.patch
>
>
> HADOOP-8855 changed KerberosAuthenticator to handle when the JDK did the
> SPNEGO already; but this change broke using the fallback authenticator
> (PseudoAuthenticator) with an anonymous user (see OOZIE-1010).
--
This message was sent by Atlassian JIRA
(v6.1#6144)
