[
https://issues.apache.org/jira/browse/HDFS-7546?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14251781#comment-14251781
]
Yongjun Zhang commented on HDFS-7546:
-------------------------------------
Hi [~qwertymaniac],
Thanks for reporting the issue and providing patch. I labeled it as
"supportability". I reviewed the change and have a few comments.
* The description of the property can be improved with more information. What
about:
{code}
A client-side property that describes permitted server principal pattern. It
can be configured
to control allowed realms to authenticate with, which is useful in cross-realm
environment.
{code}
* what's the current default of this property prior to your change?
* wonder if there is any catch by changing the default pattern to "*", which
essentially accepts any pattern?
> Document, and set an accepting default for
> dfs.namenode.kerberos.principal.pattern
> ----------------------------------------------------------------------------------
>
> Key: HDFS-7546
> URL: https://issues.apache.org/jira/browse/HDFS-7546
> Project: Hadoop HDFS
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.1.1-beta
> Reporter: Harsh J
> Assignee: Harsh J
> Priority: Minor
> Labels: supportability
> Attachments: HDFS-7546.patch
>
>
> This config is used in the SaslRpcClient, and the no-default breaks
> cross-realm trust principals being used at clients.
> Current location:
> https://github.com/apache/hadoop/blob/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java#L309
> The config should be documented and the default should be set to * to
> preserve the prior-to-introduction behaviour.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
