[
https://issues.apache.org/jira/browse/HADOOP-11332?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14232235#comment-14232235
]
Hadoop QA commented on HADOOP-11332:
------------------------------------
{color:red}-1 overall{color}. Here are the results of testing the latest
attachment
http://issues.apache.org/jira/secure/attachment/12683520/HADOOP-11332.patch
against trunk revision 52bcefc.
{color:green}+1 @author{color}. The patch does not contain any @author
tags.
{color:red}-1 tests included{color}. The patch doesn't appear to include
any new or modified tests.
Please justify why no new tests are needed for this
patch.
Also please list what manual steps were performed to
verify this patch.
{color:green}+1 javac{color}. The applied patch does not increase the
total number of javac compiler warnings.
{color:green}+1 javadoc{color}. There were no new javadoc warning messages.
{color:green}+1 eclipse:eclipse{color}. The patch built with
eclipse:eclipse.
{color:green}+1 findbugs{color}. The patch does not introduce any new
Findbugs (version 2.0.3) warnings.
{color:green}+1 release audit{color}. The applied patch does not increase
the total number of release audit warnings.
{color:green}+1 core tests{color}. The patch passed unit tests in
hadoop-common-project/hadoop-auth.
{color:green}+1 contrib tests{color}. The patch passed contrib unit tests.
Test results:
https://builds.apache.org/job/PreCommit-HADOOP-Build/5143//testReport/
Console output:
https://builds.apache.org/job/PreCommit-HADOOP-Build/5143//console
This message is automatically generated.
> KerberosAuthenticator#doSpnegoSequence should check if kerberos TGT is
> available in the subject
> ------------------------------------------------------------------------------------------------
>
> Key: HADOOP-11332
> URL: https://issues.apache.org/jira/browse/HADOOP-11332
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 2.6.0
> Reporter: Dian Fu
> Assignee: Dian Fu
> Attachments: HADOOP-11332.patch
>
>
> In {{KerberosAuthenticator#doSpnegoSequence}}, it first check if the subject
> is {{null}} before actually doing spnego, if the subject is {{null}}, it will
> first perform kerberos login before doing spnego. We should also check if
> kerberos TGT exists in the subject, if not, we should also perform kerberos
> login. This situation will occur when we configure KMS as kerberos enabled
> (via configure {{hadoop.kms.authentication.type}} as {{kerberos}}) and other
> hadoop services not kerberos enabled(via configure
> {{hadoop.security.authentication}} as {{simple}}). In this case, when client
> connect to KMS, KMS will trigger kerberos authentication and as
> {{hadoop.security.authentication}} is configured as {{simple}} in hadoop
> cluster, the client side haven't login with kerberos method currently, but
> maybe it has already login using simple method which will make {{subject}}
> not null.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
