[ https://issues.apache.org/jira/browse/HDFS-8572?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14581336#comment-14581336 ]
Yongjun Zhang commented on HDFS-8572:
-------------------------------------
Hi [~wheat9],
Thanks for reporting the issue and for the patch. Coincidentally, I have been
investigating this issue for the past couple of days and identified that
HDFS-7279 caused the problem.
I briefly looked at the patch and found that the test failure of your patch is
because it always sets the cluster to secure in the following code:
{code}
HttpServer2.Builder builder = new HttpServer2.Builder()
    .setName("datanode")
    .setConf(confForInfoServer)
    .setACL(new AccessControlList(conf.get(DFS_ADMIN, " ")))
    .setSecurityEnabled(true) // <============================================
    .setUsernameConfKey(DFS_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL_KEY)
    .setKeytabConfKey(DFS_WEB_AUTHENTICATION_KERBEROS_KEYTAB_KEY)
    .hostName(getHostnameForSpnegoPrincipal(confForInfoServer))
    .addEndpoint(URI.create("http://localhost:0"))
    .setFindPort(true);
{code}
I suggest changing it to:
{code}
boolean isSecure = UserGroupInformation.isSecurityEnabled();
.setSecurityEnabled(isSecure)
{code}
Thanks.
> DN uses incorrect kerberos principals in spnego authentication
> --------------------------------------------------------------
>
> Key: HDFS-8572
> URL: https://issues.apache.org/jira/browse/HDFS-8572
> Project: Hadoop HDFS
> Issue Type: Bug
> Reporter: Haohui Mai
> Assignee: Haohui Mai
> Priority: Blocker
> Attachments: HDFS-8572.000.patch
>
>
> After HDFS-7279, the DN always uses {{HTTP/locahost@REALM}} to authenticate
> spnego requests, which breaks all the security deployments.