You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Moritz Moeller (JIRA)" <ji...@apache.org> on 2012/09/30 17:32:07 UTC
[jira] [Created] (HADOOP-8867) always use canonical host name for
kerberos _HOST macro expansion
Moritz Moeller created HADOOP-8867:
--------------------------------------
Summary: always use canonical host name for kerberos _HOST macro expansion
Key: HADOOP-8867
URL: https://issues.apache.org/jira/browse/HADOOP-8867
Project: Hadoop Common
Issue Type: Improvement
Components: security
Affects Versions: 2.0.1-alpha
Reporter: Moritz Moeller
right now SecurityUtil.replacePattern is called with the verbatim configured hostname, not with the canonicalized form.
without this patch the hostnames in the configuration must be canonical, with this patch one can use cname aliases (we use a cname alias for the namenode).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8867) always use canonical host name for
kerberos _HOST macro expansion
Posted by "Moritz Moeller (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8867?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Moritz Moeller updated HADOOP-8867:
-----------------------------------
Attachment: hadoop-common-kerberos-use-canonical-hostname-in-client.patch
this patch also canonicalizes the host name in the client KerberosAuthenticator, so the secondarynamenode can access the namenode using a cnamed host.
> always use canonical host name for kerberos _HOST macro expansion
> -----------------------------------------------------------------
>
> Key: HADOOP-8867
> URL: https://issues.apache.org/jira/browse/HADOOP-8867
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.0.1-alpha
> Reporter: Moritz Moeller
> Attachments: hadoop-common-kerberos-use-canonical-hostname-in-client.patch, hadoop-common-kerberos-use-canonical-hostname.patch
>
>
> right now SecurityUtil.replacePattern is called with the verbatim configured hostname, not with the canonicalized form.
> without this patch the hostnames in the configuration must be canonical, with this patch one can use cname aliases (we use a cname alias for the namenode).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HADOOP-8867) always use canonical host name for
kerberos _HOST macro expansion
Posted by "Moritz Moeller (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-8867?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Moritz Moeller updated HADOOP-8867:
-----------------------------------
Attachment: hadoop-common-kerberos-use-canonical-hostname.patch
this patch canonicalizes the host name as needed for kerberos.
> always use canonical host name for kerberos _HOST macro expansion
> -----------------------------------------------------------------
>
> Key: HADOOP-8867
> URL: https://issues.apache.org/jira/browse/HADOOP-8867
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.0.1-alpha
> Reporter: Moritz Moeller
> Attachments: hadoop-common-kerberos-use-canonical-hostname.patch
>
>
> right now SecurityUtil.replacePattern is called with the verbatim configured hostname, not with the canonicalized form.
> without this patch the hostnames in the configuration must be canonical, with this patch one can use cname aliases (we use a cname alias for the namenode).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira