List: hadoop-dev
Subject: [jira] [Created] (HADOOP-11332) KerberosAuthenticator#doSpnegoSequence should check if kerberos TGT
From: "Dian Fu (JIRA)" <jira () apache ! org>
Date: 2014-11-25 10:45:12
Message-ID: JIRA.12757657.1416912262000.14816.1416912312492 () Atlassian ! JIRA
Dian Fu created HADOOP-11332:
--------------------------------
Summary: KerberosAuthenticator#doSpnegoSequence should check if kerberos TGT is available in the subject
Key: HADOOP-11332
URL: https://issues.apache.org/jira/browse/HADOOP-11332
Project: Hadoop Common
Issue Type: Bug
Components: security
Reporter: Dian Fu
Assignee: Dian Fu
In {{KerberosAuthenticator#doSpnegoSequence}}, it first checks whether the subject is {{null}} before actually doing SPNEGO; if the subject is {{null}}, it first performs a Kerberos login before doing SPNEGO. We should also check whether a Kerberos TGT exists in the subject; if not, we should also perform a Kerberos login. This situation occurs when we configure KMS as Kerberos-enabled (by configuring {{hadoop.kms.authentication.type}} as {{kerberos}}) and other Hadoop services as not Kerberos-enabled (by configuring {{hadoop.security.authentication}} as {{simple}}). In this case, when a client connects to KMS, KMS triggers Kerberos authentication, and as {{hadoop.security.authentication}} is configured as {{simple}} in the Hadoop cluster, the client side has not logged in with the Kerberos method, but it may have already logged in using the simple method, which makes {{subject}} not null.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
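The check the report asks for, sketched against the standard JAAS API as an added example; this is not code from the original message or from Hadoop. The class and method names are hypothetical, the tickets are constructed with dummy bytes, and treating only `krbtgt/REALM@REALM` as a TGT is an assumption of this sketch.

```java
import java.util.Date;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KerberosTicket;

public class SpnegoSubjectCheck {

    // True only if the subject carries a currently valid ticket-granting ticket,
    // i.e. a KerberosTicket whose server principal is krbtgt/REALM@REALM.
    static boolean hasKerberosTgt(Subject subject) {
        if (subject == null) {
            return false;
        }
        for (KerberosTicket t : subject.getPrivateCredentials(KerberosTicket.class)) {
            KerberosPrincipal server = t.getServer();
            String tgs = "krbtgt/" + server.getRealm() + "@" + server.getRealm();
            if (tgs.equals(server.getName()) && t.isCurrent()) {
                return true;
            }
        }
        return false;
    }

    // The decision described in the report: log in with Kerberos when the
    // subject is null OR when it exists but holds no TGT.
    static boolean needsKerberosLogin(Subject subject) {
        return !hasKerberosTgt(subject);
    }

    // Constructed ticket with dummy bytes, valid for one hour; not a real credential.
    static KerberosTicket fakeTicket(String server) {
        Date now = new Date();
        return new KerberosTicket(new byte[] {0}, new KerberosPrincipal("alice@EXAMPLE.COM"),
            new KerberosPrincipal(server), new byte[16], 17, null,
            now, now, new Date(now.getTime() + 3_600_000L), null, null);
    }

    public static void main(String[] args) {
        Subject simple = new Subject();   // subject from a "simple" login: not null, no tickets
        Subject serviceOnly = new Subject();
        serviceOnly.getPrivateCredentials().add(fakeTicket("HTTP/kms.example.com@EXAMPLE.COM"));
        Subject withTgt = new Subject();
        withTgt.getPrivateCredentials().add(fakeTicket("krbtgt/EXAMPLE.COM@EXAMPLE.COM"));

        System.out.println("null subject:        login needed = " + needsKerberosLogin(null));
        System.out.println("simple-auth subject: login needed = " + needsKerberosLogin(simple));
        System.out.println("service ticket only: login needed = " + needsKerberosLogin(serviceOnly));
        System.out.println("subject with TGT:    login needed = " + needsKerberosLogin(withTgt));
    }
}
```

A null-only check treats the second and third subjects as ready for SPNEGO even though neither can obtain a service ticket for KMS.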