[
https://issues.apache.org/jira/browse/HDFS-4105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13487237#comment-13487237
]
Arpit Gupta commented on HDFS-4105:
-----------------------------------
patched a secure hadoop 1.1.0 deploy with the patch and now the secondary
namenode is able to log in.
Question if the HTTP principal fails to login should we not stop the secondary
namenode server? I think we should do that as the image calls would fail
without the if the HTTP principal was not available. Let me know and i can log
a different jira for it.
> the SPNEGO user for secondary namenode should use the web keytab
> ----------------------------------------------------------------
>
> Key: HDFS-4105
> URL: https://issues.apache.org/jira/browse/HDFS-4105
> Project: Hadoop HDFS
> Issue Type: Bug
> Affects Versions: 1.1.0, 2.0.2-alpha
> Reporter: Arpit Gupta
> Assignee: Arpit Gupta
> Attachments: HDFS-4105.branch-1.patch, HDFS-4105.patch
>
>
> This is similar to HDFS-3466 where we made sure the namenode checks for the
> web keytab before it uses the namenode keytab.
> The same needs to be done for secondary namenode as well.
> {code}
> String httpKeytab =
> conf.get(DFSConfigKeys.DFS_SECONDARY_NAMENODE_KEYTAB_FILE_KEY);
> if (httpKeytab != null && !httpKeytab.isEmpty()) {
> params.put("kerberos.keytab", httpKeytab);
> }
> {code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
