[
https://issues.apache.org/jira/browse/HADOOP-10850?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14077992#comment-14077992
]
Daryn Sharp commented on HADOOP-10850:
--------------------------------------
As best I can tell, the determining factor for whether spnego is not supported
is if "Negotiator.getNegotiator(hci)" returns null. I don't think a false
blacklisting can occur. A host is:
# Whitelisted if an instance is instantiated
# Blacklisted if class "sun.net.www.protocol.http.spnego.NegotiatorImpl" is not
available, or a reflection error occurs instantiating an instance.
# No-op for any non-reflection related exceptions. Next attempt will try again
until null or no exception.
> KerberosAuthenticator should not do the SPNEGO handshake
> --------------------------------------------------------
>
> Key: HADOOP-10850
> URL: https://issues.apache.org/jira/browse/HADOOP-10850
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 2.4.1
> Reporter: Alejandro Abdelnur
> Assignee: Alejandro Abdelnur
>
> As mentioned in HADOOP-10453, the JDK automatically does a SPNEGO handshake
> when opening a connection with a URL within a Kerberos login context, there
> is no need to do the SPNEGO handshake in the {{KerberosAuthenticator}},
> simply extract the auth token (hadoop-auth cookie) and do the fallback if
> necessary.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
