[
https://issues.apache.org/jira/browse/HDFS-14136?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Shubham Dewan updated HDFS-14136:
---------------------------------
Attachment: HDFS-14136.001.patch
Status: Patch Available (was: Open)
> In ZKDelegationTokenSecretManager class Principal which is used to SetAcl is
> harcoded
> ---------------------------------------------------------------------------------------
>
> Key: HDFS-14136
> URL: https://issues.apache.org/jira/browse/HDFS-14136
> Project: Hadoop HDFS
> Issue Type: Bug
> Reporter: Shubham Dewan
> Priority: Blocker
> Attachments: HDFS-14136.001.patch, image-2018-12-10-17-54-33-361.png
>
>
> !image-2018-12-10-17-54-33-361.png!
> If no rule {{ kerberos.removeRealmFromPrincipal=true }} and {{
> kerberos.removeHostFromPrincipal=true }} is defined to remove host and realm
> from the principal, then authorization fails as full Principal is passed for
> auth but set one is splitted one..
> We can use *{{KerberosName#getShortName()}}* method for getting the principal
> based upon rules configured in *{{hadoop.security.auth_to_local}}*and setting
> the ACL.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
