Author: shv Date: Tue Jun 5 03:23:41 2012 New Revision: 1346224 URL: http://svn.apache.org/viewvc?rev=1346224&view=rev Log: HADOOP-8381. Substitute _HOST with hostname for HTTP principals. Contributed by Benoy Antony.
Modified: hadoop/common/branches/branch-0.22/common/CHANGES.txt hadoop/common/branches/branch-0.22/common/src/java/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java hadoop/common/branches/branch-0.22/common/src/test/core/org/apache/hadoop/security/TestSecurityUtil.java Modified: hadoop/common/branches/branch-0.22/common/CHANGES.txt URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.22/common/CHANGES.txt?rev=1346224&r1=1346223&r2=1346224&view=diff ============================================================================== --- hadoop/common/branches/branch-0.22/common/CHANGES.txt (original) +++ hadoop/common/branches/branch-0.22/common/CHANGES.txt Tue Jun 5 03:23:41 2012 @@ -26,6 +26,9 @@ Release 0.22.1 - Unreleased HADOOP-7119. Add Kerberos HTTP SPNEGO authentication support to Hadoop JT/NN/DN/TT web-consoles. (Alejandro Abdelnur, Benoy Antony via shv) + HADOOP-8381. Substitute _HOST with hostname for HTTP principals. + (Benoy Antony via shv) + Release 0.22.0 - 2011-11-29 INCOMPATIBLE CHANGES Modified: hadoop/common/branches/branch-0.22/common/src/java/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.22/common/src/java/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java?rev=1346224&r1=1346223&r2=1346224&view=diff ============================================================================== --- hadoop/common/branches/branch-0.22/common/src/java/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java (original) +++ hadoop/common/branches/branch-0.22/common/src/java/org/apache/hadoop/security/authentication/server/KerberosAuthenticationHandler.java Tue Jun 5 03:23:41 2012 @@ -18,6 +18,7 @@ import org.apache.hadoop.security.authen import com.sun.security.auth.module.Krb5LoginModule; import org.apache.commons.codec.binary.Base64; import org.apache.hadoop.security.authentication.util.KerberosName; +import org.apache.hadoop.security.SecurityUtil; import org.ietf.jgss.GSSContext; import org.ietf.jgss.GSSCredential; import org.ietf.jgss.GSSManager; @@ -143,6 +144,10 @@ public class KerberosAuthenticationHandl if (principal == null || principal.trim().length() == 0) { throw new ServletException("Principal not defined in configuration"); } + + // replace _HOST with FQDN if present + principal = SecurityUtil.getServerPrincipal(principal, ""); + keytab = config.getProperty(KEYTAB, keytab); if (keytab == null || keytab.trim().length() == 0) { throw new ServletException("Keytab not defined in configuration"); Modified: hadoop/common/branches/branch-0.22/common/src/test/core/org/apache/hadoop/security/TestSecurityUtil.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.22/common/src/test/core/org/apache/hadoop/security/TestSecurityUtil.java?rev=1346224&r1=1346223&r2=1346224&view=diff ============================================================================== --- hadoop/common/branches/branch-0.22/common/src/test/core/org/apache/hadoop/security/TestSecurityUtil.java (original) +++ hadoop/common/branches/branch-0.22/common/src/test/core/org/apache/hadoop/security/TestSecurityUtil.java Tue Jun 5 03:23:41 2012 @@ -93,6 +93,8 @@ public class TestSecurityUtil { SecurityUtil.getServerPrincipal("hdfs/_HOST@REALM", (String)null)); assertEquals("hdfs/" + local + "@REALM", SecurityUtil.getServerPrincipal("hdfs/_HOST@REALM", "0.0.0.0")); + assertEquals("hdfs/" + local + "@REALM", + SecurityUtil.getServerPrincipal("hdfs/_HOST@REALM", "")); } @Test