You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Laxman (JIRA)" <ji...@apache.org> on 2012/07/04 11:30:36 UTC
[jira] [Created] (HADOOP-8555) Incorrect Kerberos configuration
Laxman created HADOOP-8555:
------------------------------
Summary: Incorrect Kerberos configuration
Key: HADOOP-8555
URL: https://issues.apache.org/jira/browse/HADOOP-8555
Project: Hadoop Common
Issue Type: Bug
Components: security
Affects Versions: 2.0.0-alpha, 2.0.1-alpha, 3.0.0
Reporter: Laxman
When keytab is given ticket cache should not be considered.
Following configuration tries to use ticket cache even when keytab is configured. We need not configure ticket cache here.
org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.KerberosConfiguration.getAppConfigurationEntry(String)
{code}
options.put("keyTab", keytab);
options.put("principal", principal);
options.put("useKeyTab", "true");
options.put("storeKey", "true");
options.put("doNotPrompt", "true");
options.put("useTicketCache", "true");
options.put("renewTGT", "true");
options.put("refreshKrb5Config", "true");
options.put("isInitiator", "false");
String ticketCache = System.getenv("KRB5CCNAME");
if (ticketCache != null) {
options.put("ticketCache", ticketCache);
}
{code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HADOOP-8555) Incorrect Kerberos configuration
Posted by "Laxman (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8555?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13406392#comment-13406392 ]
Laxman commented on HADOOP-8555:
--------------------------------
This code should be
{code}
options.put("keyTab", keytab);
options.put("principal", principal);
options.put("useKeyTab", "true");
options.put("storeKey", "true");
options.put("doNotPrompt", "true");
options.put("refreshKrb5Config", "true");
options.put("isInitiator", "false");
{code}
I just removed this ticket cache related configuration.
> Incorrect Kerberos configuration
> --------------------------------
>
> Key: HADOOP-8555
> URL: https://issues.apache.org/jira/browse/HADOOP-8555
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 2.0.0-alpha, 2.0.1-alpha, 3.0.0
> Reporter: Laxman
> Labels: kerberos, security
>
> When keytab is given ticket cache should not be considered.
> Following configuration tries to use ticket cache even when keytab is configured. We need not configure ticket cache here.
> org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.KerberosConfiguration.getAppConfigurationEntry(String)
> {code}
> options.put("keyTab", keytab);
> options.put("principal", principal);
> options.put("useKeyTab", "true");
> options.put("storeKey", "true");
> options.put("doNotPrompt", "true");
> options.put("useTicketCache", "true");
> options.put("renewTGT", "true");
> options.put("refreshKrb5Config", "true");
> options.put("isInitiator", "false");
> String ticketCache = System.getenv("KRB5CCNAME");
> if (ticketCache != null) {
> options.put("ticketCache", ticketCache);
> }
> {code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira