[ https://issues.apache.org/jira/browse/HDFS-9254?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14971312#comment-14971312 ]
Arpit Agarwal edited comment on HDFS-9254 at 10/23/15 4:37 PM: --------------------------------------------------------------- So yes it looks like at least the {{SaslRpcClient}} doesn't like principals without a host component. {code} 192.168.56.80:8485: Failed on local exception: java.io.IOException: java.lang.IllegalArgumentException: Kerberos principal name does NOT have the expected hostname part: j...@example.com; Host Details : local host is: "cm0.example.com/192.168.56.80"; destination host is: "cm0.example.com":8485; at org.apache.hadoop.hdfs.qjournal.client.QuorumException.create(QuorumException.java:81) at org.apache.hadoop.hdfs.qjournal.client.QuorumCall.rethrowException(QuorumCall.java:223) at org.apache.hadoop.hdfs.qjournal.client.QuorumJournalManager.hasSomeData(QuorumJournalManager.java:232) at org.apache.hadoop.hdfs.server.common.Storage.confirmFormat(Storage.java:899) {code} Whereas SecurityUtil handles them fine. We should be consistent. I'll file a separate bug to fix the {{SaslRpcClient}}, and any other components I run into, but also update the doc patch for now. Thanks for the catch. was (Author: arpitagarwal): So yes it looks like at least the Journal Node doesn't like principals without a host component. {code} 192.168.56.80:8485: Failed on local exception: java.io.IOException: java.lang.IllegalArgumentException: Kerberos principal name does NOT have the expected hostname part: j...@example.com; Host Details : local host is: "cm0.example.com/192.168.56.80"; destination host is: "cm0.example.com":8485; at org.apache.hadoop.hdfs.qjournal.client.QuorumException.create(QuorumException.java:81) at org.apache.hadoop.hdfs.qjournal.client.QuorumCall.rethrowException(QuorumCall.java:223) at org.apache.hadoop.hdfs.qjournal.client.QuorumJournalManager.hasSomeData(QuorumJournalManager.java:232) at org.apache.hadoop.hdfs.server.common.Storage.confirmFormat(Storage.java:899) {code} Whereas SecurityUtil handles them fine. We should be consistent. I'll file a separate bug to fix the JN, and any other components I run into, but also update the doc patch for now. Thanks for the catch. > HDFS Secure Mode Documentation updates > -------------------------------------- > > Key: HDFS-9254 > URL: https://issues.apache.org/jira/browse/HDFS-9254 > Project: Hadoop HDFS > Issue Type: Bug > Components: documentation > Affects Versions: 2.7.1 > Reporter: Arpit Agarwal > Assignee: Arpit Agarwal > Attachments: HDFS-9254.01.patch > > > Some Kerberos configuration parameters are not documented well enough. -- This message was sent by Atlassian JIRA (v6.3.4#6332)