You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by "Xiaobing Zhou (JIRA)" <ji...@apache.org> on 2016/02/17 21:37:18 UTC

[jira] [Commented] (HADOOP-12716) KerberosAuthenticator#doSpnegoSequence use incorrect class to determine isKeyTab in JDK8

    [ https://issues.apache.org/jira/browse/HADOOP-12716?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15151119#comment-15151119 ] 

Xiaobing Zhou commented on HADOOP-12716:
----------------------------------------

Thanks [~xiaoyu@neusoft.com] for the patch. There is a copy-paste issue, it should be 'Kerberos ticket'.
{code}
253	   * @return true if Kerberos keytab exist
254	   */
255	  public static boolean hasKerbosTicket(Subject subject) {
{code}

> KerberosAuthenticator#doSpnegoSequence use incorrect class to determine isKeyTab in JDK8
> ----------------------------------------------------------------------------------------
>
>                 Key: HADOOP-12716
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12716
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.7.1
>         Environment: Java 8
>            Reporter: Xiaoyu Yao
>            Assignee: Xiaoyu Yao
>         Attachments: HADOOP-12716.000.patch, HADOOP-12716.001.patch
>
>
> HADOOP-11287 and HADOOP-10786 has fixed the issue in UserGroupInformation class for JDK8. 
> However, the logic in KerberosAuthenticator#doSpnegoSequence is not updated. The KerberosKey.class below should be KeyTab.class for JDK8.
> {code}
> if (subject == null
>           || (subject.getPrivateCredentials(KerberosKey.class).isEmpty()
>               && subject.getPrivateCredentials(KerberosTicket.class).isEmpty())) {
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)