You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Aaron T. Myers (JIRA)" <ji...@apache.org> on 2012/05/10 04:26:49 UTC
[jira] [Commented] (HADOOP-8381) Substitute _HOST with hostname
for HTTP principals
[ https://issues.apache.org/jira/browse/HADOOP-8381?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13272036#comment-13272036 ]
Aaron T. Myers commented on HADOOP-8381:
----------------------------------------
Hi Benoy, I don't think this patch works as intended. I don't think it makes sense to default to using the local hostname if no hostname is provided to SecurityUtil#getServerPrincipal(...).
> Substitute _HOST with hostname for HTTP principals
> ----------------------------------------------------
>
> Key: HADOOP-8381
> URL: https://issues.apache.org/jira/browse/HADOOP-8381
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: security
> Affects Versions: 0.22.0
> Reporter: Benoy Antony
> Assignee: Benoy Antony
> Priority: Minor
> Fix For: 0.22.1
>
> Attachments: HOST-substitution-spnego.patch
>
>
> SPNEGO based Web Authentication uses HTTP/fqdn@REALM as the kerberos principal for each host.
> Since it is difficult to modify the config for each host, a substitution feature where _HOST gets replaced by fqdn is implemented.
> The task is to provide similar feature for the kerberos principals used for SPNEGO principals
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira