Posted to common-issues@hadoop.apache.org by "Jakob Homan (JIRA)" <ji...@apache.org> on 2010/03/02 02:32:05 UTC
[jira] Created: (HADOOP-6603) Provide workaround for issue with
Kerberos not resolving cross-realm principal
Provide workaround for issue with Kerberos not resolving cross-realm principal
------------------------------------------------------------------------------
Key: HADOOP-6603
URL: https://issues.apache.org/jira/browse/HADOOP-6603
Project: Hadoop Common
Issue Type: Bug
Components: security
Reporter: Jakob Homan
Java's SSL-Kerberos implementation does not correctly obtain the principal for cross-realm principals when clients initiate connections to servers, resulting in the client being unable to authenticate the server. We need a work-around until this bug gets fixed.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HADOOP-6603) Provide workaround for issue with
Kerberos not resolving cross-realm principal
Posted by "Owen O'Malley (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6603?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12842045#action_12842045 ]
Owen O'Malley commented on HADOOP-6603:
---------------------------------------
+1
> Provide workaround for issue with Kerberos not resolving cross-realm principal
> ------------------------------------------------------------------------------
>
> Key: HADOOP-6603
> URL: https://issues.apache.org/jira/browse/HADOOP-6603
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Reporter: Jakob Homan
> Attachments: HADOOP-6603-Y20S-2.patch, HADOOP-6603-Y20S-3.patch, HADOOP-6603-Y20S-4.patch, HADOOP-6603-Y20S.patch
>
>
> Java's SSL-Kerberos implementation does not correctly obtain the principal for cross-realm principals when clients initiate connections to servers, resulting in the client being unable to authenticate the server. We need a work-around until this bug gets fixed.
[jira] Commented: (HADOOP-6603) Provide workaround for issue with
Kerberos not resolving cross-realm principal
Posted by "Owen O'Malley (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6603?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12840745#action_12840745 ]
Owen O'Malley commented on HADOOP-6603:
---------------------------------------
I don't think that the check to make sure the 2nd component of the krbtgt is the realm is necessary. Other than that, it looks good.
> Provide workaround for issue with Kerberos not resolving cross-realm principal
> ------------------------------------------------------------------------------
>
> Key: HADOOP-6603
> URL: https://issues.apache.org/jira/browse/HADOOP-6603
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Reporter: Jakob Homan
> Attachments: HADOOP-6603-Y20S-2.patch, HADOOP-6603-Y20S-3.patch, HADOOP-6603-Y20S.patch
>
>
> Java's SSL-Kerberos implementation does not correctly obtain the principal for cross-realm principals when clients initiate connections to servers, resulting in the client being unable to authenticate the server. We need a work-around until this bug gets fixed.
[jira] Commented: (HADOOP-6603) Provide workaround for issue with
Kerberos not resolving cross-realm principal
Posted by "Hadoop QA (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6603?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12877547#action_12877547 ]
Hadoop QA commented on HADOOP-6603:
-----------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12446784/HADOOP-6603.1.patch
against trunk revision 953388.
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 3 new or modified tests.
-1 javadoc. The javadoc tool appears to have generated 1 warning messages.
-1 javac. The applied patch generated 1032 javac compiler warnings (more than the trunk's current 1022 warnings).
+1 findbugs. The patch does not introduce any new Findbugs warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
+1 core tests. The patch passed core unit tests.
+1 contrib tests. The patch passed contrib unit tests.
Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/577/testReport/
Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/577/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/577/artifact/trunk/build/test/checkstyle-errors.html
Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/577/console
This message is automatically generated.
> Provide workaround for issue with Kerberos not resolving cross-realm principal
> ------------------------------------------------------------------------------
>
> Key: HADOOP-6603
> URL: https://issues.apache.org/jira/browse/HADOOP-6603
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Reporter: Jakob Homan
> Assignee: Kan Zhang
> Attachments: fix_comment_y20.patch, HADOOP-6603-Y20S-2.patch, HADOOP-6603-Y20S-3.patch, HADOOP-6603-Y20S-4.patch, HADOOP-6603-Y20S.patch, HADOOP-6603.1.patch
>
>
> Java's SSL-Kerberos implementation does not correctly obtain the principal for cross-realm principals when clients initiate connections to servers, resulting in the client being unable to authenticate the server. We need a work-around until this bug gets fixed.
[jira] Updated: (HADOOP-6603) Provide workaround for issue with
Kerberos not resolving cross-realm principal
Posted by "Jakob Homan (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6603?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jakob Homan updated HADOOP-6603:
--------------------------------
Attachment: HADOOP-6603-Y20S-2.patch
Updated patch with new file. Forget git add, get sad...
> Provide workaround for issue with Kerberos not resolving cross-realm principal
> ------------------------------------------------------------------------------
>
> Key: HADOOP-6603
> URL: https://issues.apache.org/jira/browse/HADOOP-6603
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Reporter: Jakob Homan
> Attachments: HADOOP-6603-Y20S-2.patch, HADOOP-6603-Y20S.patch
>
>
> Java's SSL-Kerberos implementation does not correctly obtain the principal for cross-realm principals when clients initiate connections to servers, resulting in the client being unable to authenticate the server. We need a work-around until this bug gets fixed.
[jira] Updated: (HADOOP-6603) Provide workaround for issue with
Kerberos not resolving cross-realm principal
Posted by "Jakob Homan (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6603?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jakob Homan updated HADOOP-6603:
--------------------------------
Attachment: fix_comment_y20.patch
Be more explicit about this lousy method we have to have, but no one should use...
> Provide workaround for issue with Kerberos not resolving cross-realm principal
> ------------------------------------------------------------------------------
>
> Key: HADOOP-6603
> URL: https://issues.apache.org/jira/browse/HADOOP-6603
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Reporter: Jakob Homan
> Assignee: Kan Zhang
> Attachments: fix_comment_y20.patch, HADOOP-6603-Y20S-2.patch, HADOOP-6603-Y20S-3.patch, HADOOP-6603-Y20S-4.patch, HADOOP-6603-Y20S.patch
>
>
> Java's SSL-Kerberos implementation does not correctly obtain the principal for cross-realm principals when clients initiate connections to servers, resulting in the client being unable to authenticate the server. We need a work-around until this bug gets fixed.
[jira] Updated: (HADOOP-6603) Provide workaround for issue with
Kerberos not resolving cross-realm principal
Posted by "Jitendra Nath Pandey (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6603?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jitendra Nath Pandey updated HADOOP-6603:
-----------------------------------------
Status: Patch Available (was: Open)
> Provide workaround for issue with Kerberos not resolving cross-realm principal
> ------------------------------------------------------------------------------
>
> Key: HADOOP-6603
> URL: https://issues.apache.org/jira/browse/HADOOP-6603
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Reporter: Jakob Homan
> Assignee: Kan Zhang
> Attachments: fix_comment_y20.patch, HADOOP-6603-Y20S-2.patch, HADOOP-6603-Y20S-3.patch, HADOOP-6603-Y20S-4.patch, HADOOP-6603-Y20S.patch, HADOOP-6603.1.patch, HADOOP-6603.2.patch
>
>
> Java's SSL-Kerberos implementation does not correctly obtain the principal for cross-realm principals when clients initiate connections to servers, resulting in the client being unable to authenticate the server. We need a work-around until this bug gets fixed.
[jira] Updated: (HADOOP-6603) Provide workaround for issue with
Kerberos not resolving cross-realm principal
Posted by "Kan Zhang (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6603?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kan Zhang updated HADOOP-6603:
------------------------------
Attachment: HADOOP-6603-Y20S-4.patch
uploaded a new patch based on Jakob's patch (not for commit to trunk)
1. Moved SecurityUtil.java from hdfs to core.
2. Added comments on the possible presence of cross-realm TGT's in the Subject's credential cache.
[jira] Commented: (HADOOP-6603) Provide workaround for issue with
Kerberos not resolving cross-realm principal
Posted by "Owen O'Malley (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6603?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12840917#action_12840917 ]
Owen O'Malley commented on HADOOP-6603:
---------------------------------------
Shouldn't this be looking for the default realm?
Something like:
{code}
Config.getInstance().getDefaultRealm()
{code}
That seems a lot more understandable than making sure the two components are the same.
[jira] Commented: (HADOOP-6603) Provide workaround for issue with
Kerberos not resolving cross-realm principal
Posted by "Kan Zhang (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6603?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12840810#action_12840810 ]
Kan Zhang commented on HADOOP-6603:
-----------------------------------
> I don't think that the check to make sure the 2nd component of the krbtgt is the realm is necessary.
It's needed since we want to use the original TGS ticket issued by the user's original realm, not any intermediate TGS tickets that were cached in the Subject by previous operations. Those intermediate TGS tickets may be issued for realms that are different from the target realm of the current request, which will cause the current get service ticket operation to fail.
[jira] Updated: (HADOOP-6603) Provide workaround for issue with
Kerberos not resolving cross-realm principal
Posted by "Jakob Homan (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6603?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jakob Homan updated HADOOP-6603:
--------------------------------
Attachment: HADOOP-6603-Y20S.patch
Attaching patch for Y20 distribution. Manually tested; unfortunately not unit-testable. Patch for trunk shortly. Most of this work is Kan's.
> Provide workaround for issue with Kerberos not resolving cross-realm principal
> ------------------------------------------------------------------------------
>
> Key: HADOOP-6603
> URL: https://issues.apache.org/jira/browse/HADOOP-6603
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Reporter: Jakob Homan
> Attachments: HADOOP-6603-Y20S.patch
>
>
> Java's SSL-Kerberos implementation does not correctly obtain the principal for cross-realm principals when clients initiate connections to servers, resulting in the client being unable to authenticate the server. We need a work-around until this bug gets fixed.
[jira] Updated: (HADOOP-6603) Provide workaround for issue with
Kerberos not resolving cross-realm principal
Posted by "Jitendra Nath Pandey (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6603?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jitendra Nath Pandey updated HADOOP-6603:
-----------------------------------------
Status: Open (was: Patch Available)
[jira] Updated: (HADOOP-6603) Provide workaround for issue with
Kerberos not resolving cross-realm principal
Posted by "Jakob Homan (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6603?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jakob Homan updated HADOOP-6603:
--------------------------------
Status: Resolved (was: Patch Available)
Assignee: Jitendra Nath Pandey (was: Kan Zhang)
Resolution: Fixed
I've committed this. Resolving as fixed.
> Provide workaround for issue with Kerberos not resolving cross-realm principal
> ------------------------------------------------------------------------------
>
> Key: HADOOP-6603
> URL: https://issues.apache.org/jira/browse/HADOOP-6603
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Reporter: Jakob Homan
> Assignee: Jitendra Nath Pandey
> Attachments: fix_comment_y20.patch, HADOOP-6603-Y20S-2.patch, HADOOP-6603-Y20S-3.patch, HADOOP-6603-Y20S-4.patch, HADOOP-6603-Y20S.patch, HADOOP-6603.1.patch, HADOOP-6603.2.patch
>
>
> Java's SSL-Kerberos implementation does not correctly obtain the principal for cross-realm principals when clients initiate connections to servers, resulting in the client being unable to authenticate the server. We need a work-around until this bug gets fixed.
[jira] Updated: (HADOOP-6603) Provide workaround for issue with
Kerberos not resolving cross-realm principal
Posted by "Jakob Homan (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6603?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jakob Homan updated HADOOP-6603:
--------------------------------
Attachment: HADOOP-6603-Y20S-3.patch
Updated patch with more specific logic and unit test.
[jira] Commented: (HADOOP-6603) Provide workaround for issue with
Kerberos not resolving cross-realm principal
Posted by "Kan Zhang (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6603?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12840811#action_12840811 ]
Kan Zhang commented on HADOOP-6603:
-----------------------------------
+1 on the patch.
[jira] Commented: (HADOOP-6603) Provide workaround for issue with
Kerberos not resolving cross-realm principal
Posted by "Hadoop QA (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6603?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12877613#action_12877613 ]
Hadoop QA commented on HADOOP-6603:
-----------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12446806/HADOOP-6603.2.patch
against trunk revision 953388.
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 3 new or modified tests.
-1 javadoc. The javadoc tool appears to have generated 1 warning messages.
-1 javac. The applied patch generated 1032 javac compiler warnings (more than the trunk's current 1022 warnings).
+1 findbugs. The patch does not introduce any new Findbugs warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
+1 core tests. The patch passed core unit tests.
+1 contrib tests. The patch passed contrib unit tests.
Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/578/testReport/
Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/578/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/578/artifact/trunk/build/test/checkstyle-errors.html
Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/578/console
This message is automatically generated.
[jira] Updated: (HADOOP-6603) Provide workaround for issue with
Kerberos not resolving cross-realm principal
Posted by "Jitendra Nath Pandey (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6603?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jitendra Nath Pandey updated HADOOP-6603:
-----------------------------------------
Attachment: HADOOP-6603.2.patch
Fixed a javadoc.
[jira] Updated: (HADOOP-6603) Provide workaround for issue with
Kerberos not resolving cross-realm principal
Posted by "Jitendra Nath Pandey (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6603?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jitendra Nath Pandey updated HADOOP-6603:
-----------------------------------------
Attachment: HADOOP-6603.1.patch
Patch for common trunk uploaded.
[jira] Updated: (HADOOP-6603) Provide workaround for issue with
Kerberos not resolving cross-realm principal
Posted by "Boris Shkolnik (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6603?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Boris Shkolnik updated HADOOP-6603:
-----------------------------------
Hadoop Flags: [Reviewed]
+1
[jira] Commented: (HADOOP-6603) Provide workaround for issue with
Kerberos not resolving cross-realm principal
Posted by "Jitendra Nath Pandey (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6603?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12877629#action_12877629 ]
Jitendra Nath Pandey commented on HADOOP-6603:
----------------------------------------------
Both javadoc and javac warnings are related to sun.security.krb5.Config
"warning: sun.security.krb5.Config is Sun proprietary API and may be removed in a future release"
[jira] Commented: (HADOOP-6603) Provide workaround for issue with
Kerberos not resolving cross-realm principal
Posted by "Kan Zhang (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6603?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12840922#action_12840922 ]
Kan Zhang commented on HADOOP-6603:
-----------------------------------
> Shouldn't this be looking for the default realm?
The default realm may not be the home realm of the current user you want to get a service ticket for.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
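Added example, not part of the thread or of the attached patches: the check Kan Zhang defends in both replies above, picking from a Subject the TGT whose server principal is krbtgt/REALM@REALM and skipping cached cross-realm TGTs, without consulting the default realm. The class and method names, the A.EXAMPLE and B.EXAMPLE realms, and the tickets built in main are constructed for illustration.

```java
import java.util.Date;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KerberosTicket;

// Added example; names are hypothetical and not taken from the HADOOP-6603 patches.
public class OriginalTgtSelector {

    // True only for krbtgt/REALM@REALM, the TGT a realm's KDC issues for itself.
    // A cross-realm TGT such as krbtgt/B.EXAMPLE@A.EXAMPLE has a second
    // component that differs from the realm and is rejected.
    static boolean isOriginalTgt(KerberosPrincipal server) {
        if (server == null) {
            return false;
        }
        String realm = server.getRealm();
        return server.getName().equals("krbtgt/" + realm + "@" + realm);
    }

    // Walks the Subject's private credentials and returns the first usable
    // original TGT, or null when only cross-realm TGTs or service tickets
    // are cached.
    static KerberosTicket findOriginalTgt(Subject subject) {
        for (KerberosTicket ticket
                : subject.getPrivateCredentials(KerberosTicket.class)) {
            if (ticket.isDestroyed() || !ticket.isCurrent()) {
                continue; // destroyed or expired tickets cannot be used
            }
            if (isOriginalTgt(ticket.getServer())) {
                return ticket;
            }
        }
        return null;
    }

    // Builds a constructed ticket with dummy encoding and key bytes; only the
    // principals and the validity window matter for the selection logic.
    static KerberosTicket constructedTicket(String client, String server) {
        Date now = new Date();
        Date end = new Date(now.getTime() + 3_600_000L); // valid for one hour
        return new KerberosTicket(
                new byte[] {0x61},              // placeholder ASN.1 bytes
                new KerberosPrincipal(client),
                new KerberosPrincipal(server),
                new byte[16],                   // placeholder session key
                17,                             // key type (aes128-cts)
                null,                           // no ticket flags set
                now, now, end,
                null,                           // not renewable
                null);                          // no client address restriction
    }

    public static void main(String[] args) {
        Subject subject = new Subject();
        // Cached by an earlier cross-realm request: krbtgt for B issued by A.
        subject.getPrivateCredentials().add(
                constructedTicket("alice@A.EXAMPLE", "krbtgt/B.EXAMPLE@A.EXAMPLE"));
        // The user's original TGT from the home realm.
        subject.getPrivateCredentials().add(
                constructedTicket("alice@A.EXAMPLE", "krbtgt/A.EXAMPLE@A.EXAMPLE"));
        // An ordinary service ticket, which is never a TGT.
        subject.getPrivateCredentials().add(
                constructedTicket("alice@A.EXAMPLE", "hdfs/nn.b.example@B.EXAMPLE"));

        KerberosTicket tgt = findOriginalTgt(subject);
        System.out.println(tgt == null
                ? "no original TGT in Subject"
                : "selected " + tgt.getServer().getName());
    }
}
```

The cross-realm TGT is added first, so a selector that accepted any krbtgt principal would return it instead of the home-realm ticket.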
[jira] Assigned: (HADOOP-6603) Provide workaround for issue with
Kerberos not resolving cross-realm principal
Posted by "Jakob Homan (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6603?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jakob Homan reassigned HADOOP-6603:
-----------------------------------
Assignee: Kan Zhang
> Provide workaround for issue with Kerberos not resolving cross-realm principal
> ------------------------------------------------------------------------------
>
> Key: HADOOP-6603
> URL: https://issues.apache.org/jira/browse/HADOOP-6603
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Reporter: Jakob Homan
> Assignee: Kan Zhang
> Attachments: HADOOP-6603-Y20S-2.patch, HADOOP-6603-Y20S-3.patch, HADOOP-6603-Y20S-4.patch, HADOOP-6603-Y20S.patch
>
>
> Java's SSL-Kerberos implementation does not correctly obtain the principal for cross-realm principals when clients initiate connections to servers, resulting in the client being unable to authenticate the server. We need a work-around until this bug gets fixed.
[jira] Commented: (HADOOP-6603) Provide workaround for issue with
Kerberos not resolving cross-realm principal
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6603?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12877789#action_12877789 ]
Hudson commented on HADOOP-6603:
--------------------------------
Integrated in Hadoop-Common-trunk #363 (See [http://hudson.zones.apache.org/hudson/job/Hadoop-Common-trunk/363/])
HADOOP-6603. Provide workaround for issue with Kerberos not resolving cross-realm principal. Contributed by Kan Zhang and Jitendra Pandey.
> Provide workaround for issue with Kerberos not resolving cross-realm principal
> ------------------------------------------------------------------------------
>
> Key: HADOOP-6603
> URL: https://issues.apache.org/jira/browse/HADOOP-6603
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Reporter: Jakob Homan
> Assignee: Jitendra Nath Pandey
> Attachments: fix_comment_y20.patch, HADOOP-6603-Y20S-2.patch, HADOOP-6603-Y20S-3.patch, HADOOP-6603-Y20S-4.patch, HADOOP-6603-Y20S.patch, HADOOP-6603.1.patch, HADOOP-6603.2.patch
>
>
> Java's SSL-Kerberos implementation does not correctly obtain the principal for cross-realm principals when clients initiate connections to servers, resulting in the client being unable to authenticate the server. We need a work-around until this bug gets fixed.
[jira] Updated: (HADOOP-6603) Provide workaround for issue with
Kerberos not resolving cross-realm principal
Posted by "Jitendra Nath Pandey (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6603?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jitendra Nath Pandey updated HADOOP-6603:
-----------------------------------------
Status: Patch Available (was: Open)
HADOOP-6603.1.patch is submitted for hudson tests.
> Provide workaround for issue with Kerberos not resolving cross-realm principal
> ------------------------------------------------------------------------------
>
> Key: HADOOP-6603
> URL: https://issues.apache.org/jira/browse/HADOOP-6603
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Reporter: Jakob Homan
> Assignee: Kan Zhang
> Attachments: fix_comment_y20.patch, HADOOP-6603-Y20S-2.patch, HADOOP-6603-Y20S-3.patch, HADOOP-6603-Y20S-4.patch, HADOOP-6603-Y20S.patch, HADOOP-6603.1.patch
>
>
> Java's SSL-Kerberos implementation does not correctly obtain the principal for cross-realm principals when clients initiate connections to servers, resulting in the client being unable to authenticate the server. We need a work-around until this bug gets fixed.
[jira] Commented: (HADOOP-6603) Provide workaround for issue with
Kerberos not resolving cross-realm principal
Posted by "Hudson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-6603?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12877672#action_12877672 ]
Hudson commented on HADOOP-6603:
--------------------------------
Integrated in Hadoop-Common-trunk-Commit #295 (See [http://hudson.zones.apache.org/hudson/job/Hadoop-Common-trunk-Commit/295/])
HADOOP-6603. Provide workaround for issue with Kerberos not resolving cross-realm principal. Contributed by Kan Zhang and Jitendra Pandey.
> Provide workaround for issue with Kerberos not resolving cross-realm principal
> ------------------------------------------------------------------------------
>
> Key: HADOOP-6603
> URL: https://issues.apache.org/jira/browse/HADOOP-6603
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Reporter: Jakob Homan
> Assignee: Jitendra Nath Pandey
> Attachments: fix_comment_y20.patch, HADOOP-6603-Y20S-2.patch, HADOOP-6603-Y20S-3.patch, HADOOP-6603-Y20S-4.patch, HADOOP-6603-Y20S.patch, HADOOP-6603.1.patch, HADOOP-6603.2.patch
>
>
> Java's SSL-Kerberos implementation does not correctly obtain the principal for cross-realm principals when clients initiate connections to servers, resulting in the client being unable to authenticate the server. We need a work-around until this bug gets fixed.