Author: shv
Date: Tue Jun 5 03:23:41 2012
New Revision: 1346224
URL: http://svn.apache.org/viewvc?rev=1346224&view=rev
Log:
HADOOP-8381. Substitute _HOST with hostname for HTTP principals. Contributed by
Benoy Antony.
Modified:
hadoop/common/branches/branch-0.22/common/CHANGES.txt
hadoop/common/branches/branch-0.22/common/src/java/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java
hadoop/common/branches/branch-0.22/common/src/test/core/org/apache/hadoop/security/TestSecurityUtil.java
Modified: hadoop/common/branches/branch-0.22/common/CHANGES.txt
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.22/common/CHANGES.txt?rev=1346224&r1=1346223&r2=1346224&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.22/common/CHANGES.txt (original)
+++ hadoop/common/branches/branch-0.22/common/CHANGES.txt Tue Jun 5 03:23:41
2012
@@ -26,6 +26,9 @@ Release 0.22.1 - Unreleased
HADOOP-7119. Add Kerberos HTTP SPNEGO authentication support to Hadoop
JT/NN/DN/TT web-consoles. (Alejandro Abdelnur, Benoy Antony via shv)
+ HADOOP-8381. Substitute _HOST with hostname for HTTP principals.
+ (Benoy Antony via shv)
+
Release 0.22.0 - 2011-11-29
INCOMPATIBLE CHANGES
Modified:
hadoop/common/branches/branch-0.22/common/src/java/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.22/common/src/java/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java?rev=1346224&r1=1346223&r2=1346224&view=diff
==============================================================================
---
hadoop/common/branches/branch-0.22/common/src/java/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java
(original)
+++
hadoop/common/branches/branch-0.22/common/src/java/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java
Tue Jun 5 03:23:41 2012
@@ -18,6 +18,7 @@ import org.apache.hadoop.security.authen
import com.sun.security.auth.module.Krb5LoginModule;
import org.apache.commons.codec.binary.Base64;
import org.apache.hadoop.security.authentication.util.KerberosName;
+import org.apache.hadoop.security.SecurityUtil;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSManager;
@@ -143,6 +144,10 @@ public class KerberosAuthenticationHandl
if (principal == null || principal.trim().length() == 0) {
throw new ServletException("Principal not defined in configuration");
}
+
+ // replace _HOST with FQDN if present
+ principal = SecurityUtil.getServerPrincipal(principal, "");
+
keytab = config.getProperty(KEYTAB, keytab);
if (keytab == null || keytab.trim().length() == 0) {
throw new ServletException("Keytab not defined in configuration");
Modified:
hadoop/common/branches/branch-0.22/common/src/test/core/org/apache/hadoop/security/TestSecurityUtil.java
URL:
http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.22/common/src/test/core/org/apache/hadoop/security/TestSecurityUtil.java?rev=1346224&r1=1346223&r2=1346224&view=diff
==============================================================================
---
hadoop/common/branches/branch-0.22/common/src/test/core/org/apache/hadoop/security/TestSecurityUtil.java
(original)
+++
hadoop/common/branches/branch-0.22/common/src/test/core/org/apache/hadoop/security/TestSecurityUtil.java
Tue Jun 5 03:23:41 2012
@@ -93,6 +93,8 @@ public class TestSecurityUtil {
SecurityUtil.getServerPrincipal("hdfs/_HOST@REALM",
(String)null));
assertEquals("hdfs/" + local + "@REALM",
SecurityUtil.getServerPrincipal("hdfs/_HOST@REALM",
"0.0.0.0"));
+ assertEquals("hdfs/" + local + "@REALM",
+ SecurityUtil.getServerPrincipal("hdfs/_HOST@REALM", ""));
}
@Test
