[
https://issues.apache.org/jira/browse/HDFS-4081?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Aaron T. Myers resolved HDFS-4081.
----------------------------------
Resolution: Duplicate
> NamenodeProtocol and other Secure Protocols should use different config keys
> for serverPrincipal and clientPrincipal KerberosInfo components
> ---------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: HDFS-4081
> URL: https://issues.apache.org/jira/browse/HDFS-4081
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: security
> Affects Versions: 2.0.0-alpha, 2.0.1-alpha, 2.0.2-alpha, 2.0.3-alpha
> Reporter: Ahad Rana
>
> The Namenode protocol (NamenodeProtocol.java) defines the same config key,
> dfs.namenode.kerberos.principal, for both ServerPrincipal and ClientPrincipal
> components of the KerberosInfo data structure. This overloads the meaning of
> the dfs.namenode.kerberos.principal config key. This key can be used to
> define the namenode's principal during startup, but in the client case, it is
> used by ServiceAuthorizationManager.authorize to create a principal name
> given an incoming client's ip address. If you explicitly set the principal
> name for the namenode in the Config using this key, it then breaks
> ServiceAuthorizationManager.authorize, because it expects this same value to
> contain a Kerberos principal name pattern NOT an explicit name.
> The solve this issue, the ServerPrincipal and ClientPrincipal components of
> the NamenodeProtocol should each be assigned unique Config keys.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
