[
https://issues.apache.org/jira/browse/HDFS-8572?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14581543#comment-14581543
]
Yongjun Zhang commented on HDFS-8572:
-------------------------------------
Hi [~wheat9],
Thanks for the new rev. Two comments here:
1. I noticed that your new rev removed the call to
{code}
.setSecurityEnabled(...)
.setUsernameConfKey(DFS_WEB_AUTHENTICATION_KERBEROS_PRINCIPAL_KEY)
.setKeytabConfKey(DFS_WEB_AUTHENTICATION_KERBEROS_KEYTAB_KEY)
{code}
So the datanode http server's {{securityEnabled}} is the default value
{{false}} and the following code is not executed:
{code}
if (this.securityEnabled) {
server.initSpnego(conf, hostName, usernameConfKey, keytabConfKey);
}
{code}
Is this expected? if so, why we don't need to set securityEnabled here? when do
we need to set it?
2. There is a redundant line to be removed:
{code}
import static org.apache.hadoop.hdfs.DFSConfigKeys.*;
{code}
Thanks.
> DN uses incorrect kerberos principals in spnego authentication
> --------------------------------------------------------------
>
> Key: HDFS-8572
> URL: https://issues.apache.org/jira/browse/HDFS-8572
> Project: Hadoop HDFS
> Issue Type: Bug
> Reporter: Haohui Mai
> Assignee: Haohui Mai
> Priority: Blocker
> Attachments: HDFS-8572.000.patch, HDFS-8572.001.patch
>
>
> After HDFS-7279, the DN always uses {{HTTP/locahost@REALM}} to authenticate
> spnego requests, which breaks all the security deployments.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
