You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Steve Loughran (Jira)" <ji...@apache.org> on 2022/12/14 12:19:00 UTC
[jira] [Created] (HADOOP-18573) Improve error reporting on non-standard kerberos names
Steve Loughran created HADOOP-18573:
---------------------------------------
Summary: Improve error reporting on non-standard kerberos names
Key: HADOOP-18573
URL: https://issues.apache.org/jira/browse/HADOOP-18573
Project: Hadoop Common
Issue Type: Improvement
Components: security
Affects Versions: 3.3.4
Reporter: Steve Loughran
Assignee: Steve Loughran
The kerberos RFC does not declare any restriction on
characters used in kerberos names, though
implementations MAY be more restrictive.
If the kerberos controller supports use non-conventional
user names *and the kerberos admin chooses to use them*
this can confuse some of the parsing.
The obvious solution is for the enterprise admins to "not do that"
as a lot of things break, bits of hadoop included.
Harden the hadoop code slightly so at least we fail more gracefully,
so people can then get in touch with their sysadmin and tell them
to stop it.
Note: given the kerberos admin is implicitly a superuser being able to
doesn't give them any privileges, just offers a different way
to stop the cluster working.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org