You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-dev@hadoop.apache.org by "Tsz Wo Nicholas Sze (JIRA)" <ji...@apache.org> on 2014/03/10 20:44:47 UTC

[jira] [Created] (HADOOP-10398) KerberosAuthenticator failed to fall back to PseudoAuthenticator after HADOOP-10078

Tsz Wo Nicholas Sze created HADOOP-10398:
--------------------------------------------

             Summary: KerberosAuthenticator failed to fall back to PseudoAuthenticator after HADOOP-10078
                 Key: HADOOP-10398
                 URL: https://issues.apache.org/jira/browse/HADOOP-10398
             Project: Hadoop Common
          Issue Type: Bug
          Components: security
            Reporter: Tsz Wo Nicholas Sze
            Assignee: Tsz Wo Nicholas Sze


{code}
//KerberosAuthenticator.java
      if (conn.getResponseCode() == HttpURLConnection.HTTP_OK) {
        LOG.debug("JDK performed authentication on our behalf.");
        // If the JDK already did the SPNEGO back-and-forth for
        // us, just pull out the token.
        AuthenticatedURL.extractToken(conn, token);
        return;
      } else ...
{code}
The problem of the code above is that HTTP_OK does not implies authentication completed.  We should check if the token can be extracted successfully.

This problem was reported by [~bowenzhangusa] in [this comment|https://issues.apache.org/jira/browse/HADOOP-10078?focusedCommentId=13896823&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13896823] earlier.



--
This message was sent by Atlassian JIRA
(v6.2#6252)