hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alejandro Abdelnur (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-9679) KerberosName.rules are not initialized during adding kerberos support to a web servlet using hadoop authentications
Date Wed, 03 Jul 2013 03:50:20 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-9679?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13698542#comment-13698542

Alejandro Abdelnur commented on HADOOP-9679:


bq.  But from user side, I think it will be better if we can configure kerberos.name.rules
at a configuration file(if set it in servers configuration file, it does not work directly).
And use a default value if user did not set this property in his authFilter, just like other
kerberos properties set in hdfs-site.xml/core-site.xml.

you don't need to hardcode it, it can be set it the configuration you use for the authentication
filter. The hadoop-auth AuthenticationFilter takes its configuration from the filter definition
in the web.xml. But you can create a subclass that overrides the getConfiguration(String configPrefix,
FilterConfig filterConfig) to read it from any other place. The javadocs explain how config
prefixes are handled.

Again, as I mentioned in my previous comment, the patch is not correct, you don't want to
set the name.rules on every authentication request. This is an init thing, and it already
handled. You have to set your config to 'DEFAULT; and you are done.

IMO, this is not a bug.
> KerberosName.rules are not initialized during adding kerberos support to a web servlet
using hadoop authentications
> -------------------------------------------------------------------------------------------------------------------
>                 Key: HADOOP-9679
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9679
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 1.1.1, 2.0.4-alpha
>            Reporter: fang fang chen
>             Fix For: 2.1.0-beta
>         Attachments: HADOOP-9679.patch
> I am using hadoop-1.1.1 to add kerberos authentication to a web service. But found rules
are not initialized, that makes following error happened:
> java.lang.NullPointerException
>         at org.apache.hadoop.security.KerberosName.getShortName(KerberosName.java:384)
>         at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler$2.run(KerberosAuthenticationHandler.java:328)
>         at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler$2.run(KerberosAuthenticationHandler.java:302)
>         at java.security.AccessController.doPrivileged(AccessController.java:310)
>         at javax.security.auth.Subject.doAs(Subject.java:573)
>         at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:302)
>         at org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:340)
> Seems in hadoop-2.0.4-alpha branch, this issue still is still there. 

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

View raw message