hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alejandro Abdelnur (Updated) (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HADOOP-7887) KerberosAuthenticatorHandler is not setting KerberosName name rules from configuration
Date Wed, 07 Dec 2011 01:46:40 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-7887?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Alejandro Abdelnur updated HADOOP-7887:

    Attachment: HADOOP-7887.patch

The attached patch configures the name rules as part of the configuration of the KerberosAuthenticatorHandler.

Verified Kerberos testcases pass and added a new test to test this setting happens.

The UGI on initialization (first call to *isSecurityEnabled()* ) reads the name rules for
Hadoop configuration files (-site.xml). It is not possible to se a different name rule directly.

So, the trick is, if using hadoop-auth outside of Hadoop (ie by Oozie) set the name rules
in the hadoop-auth configuration properties and call UGI.isSecurityEnabled() before the KerberosAuthenticationHandler
is initialized. If using it from Hadoop no need to set it in the hadoop-auth configuration,
it will use the one set by UGI
> KerberosAuthenticatorHandler is not setting KerberosName name rules from configuration
> --------------------------------------------------------------------------------------
>                 Key: HADOOP-7887
>                 URL: https://issues.apache.org/jira/browse/HADOOP-7887
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 0.24.0, 0.23.1
>            Reporter: Alejandro Abdelnur
>            Assignee: Alejandro Abdelnur
>            Priority: Critical
>             Fix For: 0.24.0, 0.23.1
>         Attachments: HADOOP-7887.patch
> While the KerberosAuthenticatorHandler defines the name rules property, it does not set
it in KerberosName.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


View raw message