You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-dev@hadoop.apache.org by "Tsz Wo Nicholas Sze (JIRA)" <ji...@apache.org> on 2014/03/10 20:44:47 UTC
[jira] [Created] (HADOOP-10398) KerberosAuthenticator failed to
fall back to PseudoAuthenticator after HADOOP-10078
Tsz Wo Nicholas Sze created HADOOP-10398:
--------------------------------------------
Summary: KerberosAuthenticator failed to fall back to PseudoAuthenticator after HADOOP-10078
Key: HADOOP-10398
URL: https://issues.apache.org/jira/browse/HADOOP-10398
Project: Hadoop Common
Issue Type: Bug
Components: security
Reporter: Tsz Wo Nicholas Sze
Assignee: Tsz Wo Nicholas Sze
{code}
//KerberosAuthenticator.java
if (conn.getResponseCode() == HttpURLConnection.HTTP_OK) {
LOG.debug("JDK performed authentication on our behalf.");
// If the JDK already did the SPNEGO back-and-forth for
// us, just pull out the token.
AuthenticatedURL.extractToken(conn, token);
return;
} else ...
{code}
The problem of the code above is that HTTP_OK does not implies authentication completed. We should check if the token can be extracted successfully.
This problem was reported by [~bowenzhangusa] in [this comment|https://issues.apache.org/jira/browse/HADOOP-10078?focusedCommentId=13896823&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13896823] earlier.
--
This message was sent by Atlassian JIRA
(v6.2#6252)