[
https://issues.apache.org/jira/browse/HADOOP-10183?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13859240#comment-13859240
]
Hadoop QA commented on HADOOP-10183:
------------------------------------
{color:red}-1 overall{color}. Here are the results of testing the latest
attachment
http://issues.apache.org/jira/secure/attachment/12620891/HADOOP-10183.patch.1
against trunk revision .
{color:green}+1 @author{color}. The patch does not contain any @author
tags.
{color:red}-1 tests included{color}. The patch doesn't appear to include
any new or modified tests.
Please justify why no new tests are needed for this
patch.
Also please list what manual steps were performed to
verify this patch.
{color:green}+1 javac{color}. The applied patch does not increase the
total number of javac compiler warnings.
{color:green}+1 javadoc{color}. The javadoc tool did not generate any
warning messages.
{color:green}+1 eclipse:eclipse{color}. The patch built with
eclipse:eclipse.
{color:green}+1 findbugs{color}. The patch does not introduce any new
Findbugs (version 1.3.9) warnings.
{color:green}+1 release audit{color}. The applied patch does not increase
the total number of release audit warnings.
{color:red}-1 core tests{color}. The patch failed these unit tests in
hadoop-common-project/hadoop-common:
org.apache.hadoop.metrics2.impl.TestMetricsSystemImpl
{color:green}+1 contrib tests{color}. The patch passed contrib unit tests.
Test results:
https://builds.apache.org/job/PreCommit-HADOOP-Build/3388//testReport/
Console output:
https://builds.apache.org/job/PreCommit-HADOOP-Build/3388//console
This message is automatically generated.
> Allow use of UPN style principals in keytab files
> -------------------------------------------------
>
> Key: HADOOP-10183
> URL: https://issues.apache.org/jira/browse/HADOOP-10183
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.2.0
> Reporter: Mubashir Kazia
> Assignee: Mubashir Kazia
> Attachments: AppConnection.java, HADOOP-10183.patch,
> HADOOP-10183.patch.1, Jaas.java, SaslTestClient.java, SaslTestServer.java,
> hdfs.keytab, jaas-krb5.conf, krb5.conf
>
>
> Hadoop currently only allows SPN style (E.g. hdfs/node.fqdn@REALM) principals
> in keytab files in a cluster configured with Kerberos security. This cause
> the burden of creating multiple principals and keytabs for each node of the
> cluster. Active Directory allows the use of single principal across multiple
> hosts if the SPNs for different hosts have been setup correctly on the
> principal. With this scheme we have the server side using keytab file with
> UPN style (E.g. hdfs@REALM) principal for a given service for all the nodes
> of the cluster. The client side will request service tickets with SPN and
> it's own TGT and Active Directory will grant service tickets with the correct
> secret.
> This will simplify the use of principals and keytab files for Active
> Directory users with one principal for each service across all the nodes of
> the cluster.
> I have a patch to allow the use of UPN style principals in Hadoop. The patch
> will not affect the use of SPN style principals. I couldn't figure out a way
> to write test cases against MiniKDC so I have included the Oracle/Sun sample
> Sasl server and client code along with the configuration I used to confirm
> this scheme works.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
