hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Luke Lu (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-9446) Support Kerberos HTTP SPNEGO authentication for non-SUN JDK
Date Mon, 12 Aug 2013 22:25:48 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-9446?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13737447#comment-13737447
] 

Luke Lu commented on HADOOP-9446:
---------------------------------

bq. Should PlatformName.java be moved to hadoop-auth package? this will affect classes referring
to it. 

To the hadoop-auth module, I think so. We should keep it in the o.a.h.util package, since
it's less disruptive, as hadoop-common already depends on hadoop-auth for KerberosName etc,
though eventually we might need to come up with something like hadoop-common-util that  hadoop-auth,
hadoop-common and some other modules (e.g. hadoop-nfs, hadoop-fs-extras, hadoop-webapp etc.)
in the common project can depend on. It's not worth creating a new module now for this class
only.
                
> Support Kerberos HTTP SPNEGO authentication for non-SUN JDK
> -----------------------------------------------------------
>
>                 Key: HADOOP-9446
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9446
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 1.1.1, 2.0.2-alpha
>            Reporter: Yu Gao
>            Assignee: Yu Gao
>         Attachments: HADOOP-9446-branch-2.patch, HADOOP-9446.patch, TestKerberosHttpSPNEGO.java,
TEST-org.apache.hadoop.security.authentication.client.TestKerberosAuthenticator.xml, TEST-org.apache.hadoop.security.authentication.server.TestKerberosAuthenticationHandler.xml
>
>
> Class KerberosAuthenticator and KerberosAuthenticationHandler currently only support
running with SUN JDK when Kerberos is enabled. In order to support  alternative JDKs like
IBM JDK which has different options supported by Krb5LoginModule and different login module
classes, the HTTP Kerberos authentication classes need to be changed.
> In addition, NT_GSS_KRB5_PRINCIPAL, which is used in KerberosAuthenticator to get the
corresponding oid instance, is a field defined in SUN JDK, but not in IBM JDK.
> This JIRA is to fix the existing problems and add support for Kerberos HTTP SPNEGO authentication
with non-SUN JDK.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message