You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Xiaobing Zhou (JIRA)" <ji...@apache.org> on 2016/02/17 21:37:18 UTC
[jira] [Commented] (HADOOP-12716)
KerberosAuthenticator#doSpnegoSequence use incorrect class to determine
isKeyTab in JDK8
[ https://issues.apache.org/jira/browse/HADOOP-12716?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15151119#comment-15151119 ]
Xiaobing Zhou commented on HADOOP-12716:
----------------------------------------
Thanks [~xiaoyu@neusoft.com] for the patch. There is a copy-paste issue, it should be 'Kerberos ticket'.
{code}
253 * @return true if Kerberos keytab exist
254 */
255 public static boolean hasKerbosTicket(Subject subject) {
{code}
> KerberosAuthenticator#doSpnegoSequence use incorrect class to determine isKeyTab in JDK8
> ----------------------------------------------------------------------------------------
>
> Key: HADOOP-12716
> URL: https://issues.apache.org/jira/browse/HADOOP-12716
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 2.7.1
> Environment: Java 8
> Reporter: Xiaoyu Yao
> Assignee: Xiaoyu Yao
> Attachments: HADOOP-12716.000.patch, HADOOP-12716.001.patch
>
>
> HADOOP-11287 and HADOOP-10786 has fixed the issue in UserGroupInformation class for JDK8.
> However, the logic in KerberosAuthenticator#doSpnegoSequence is not updated. The KerberosKey.class below should be KeyTab.class for JDK8.
> {code}
> if (subject == null
> || (subject.getPrivateCredentials(KerberosKey.class).isEmpty()
> && subject.getPrivateCredentials(KerberosTicket.class).isEmpty())) {
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)