You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by "Aaron T. Myers (JIRA)" <ji...@apache.org> on 2012/11/08 21:38:13 UTC

[jira] [Commented] (HADOOP-9019) KerberosAuthenticator.doSpnegoSequence(..) should create a HTTP principal with hostname everytime

    [ https://issues.apache.org/jira/browse/HADOOP-9019?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13493472#comment-13493472 ] 

Aaron T. Myers commented on HADOOP-9019:
----------------------------------------

Hi Vinay, is the issue here that you're using IP addresses in the config instead of hostnames? If so, why not just use hostnames in your configuration?

The change you suggest here is probably fine, but I'd like to understand what the motivation is.
                
> KerberosAuthenticator.doSpnegoSequence(..) should create a HTTP principal with hostname everytime 
> --------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-9019
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9019
>             Project: Hadoop Common
>          Issue Type: Bug
>            Reporter: Vinay
>
> in KerberosAuthenticator.doSpnegoSequence(..) following line of code will just create a principal of the form "HTTP/<host>",
> {code}            String servicePrincipal = KerberosUtil.getServicePrincipal("HTTP",
>                 KerberosAuthenticator.this.url.getHost());{code}
>  but uri.getHost() is not sure of always getting hostname. If uri contains IP, then it just returns IP.
> For SPNEGO authentication principal should always be created with <hostname>.
> This code should be something like this, which will look /etc/hosts to get hostname
> {code}            String hostname = InetAddress.getByName(
>                 KerberosAuthenticator.this.url.getHost()).getHostName();
> String servicePrincipal = KerberosUtil.getServicePrincipal("HTTP",
>                 hostname);{code}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira