Author: atm Date: Mon Mar 24 00:00:57 2014 New Revision: 1580666 URL: http://svn.apache.org/r1580666 Log: HADOOP-10418. SaslRpcClient should not assume that remote principals are in the default_realm. Contributed by Aaron T. Myers.
Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt?rev=1580666&r1=1580665&r2=1580666&view=diff ============================================================================== --- hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt (original) +++ hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt Mon Mar 24 00:00:57 2014 @@ -318,6 +318,9 @@ Release 2.5.0 - UNRELEASED HADOOP-10378. Typo in help printed by hdfs dfs -help. (Mit Desai via suresh) + HADOOP-10418. SaslRpcClient should not assume that remote principals are in + the default_realm. (atm) + Release 2.4.0 - UNRELEASED INCOMPATIBLE CHANGES Modified: hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java URL: http://svn.apache.org/viewvc/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java?rev=1580666&r1=1580665&r2=1580666&view=diff ============================================================================== --- hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java (original) +++ hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java Mon Mar 24 00:00:57 2014 @@ -300,7 +300,9 @@ public class SaslRpcClient { } // construct server advertised principal for comparision String serverPrincipal = new KerberosPrincipal( - authType.getProtocol() + "/" + authType.getServerId()).getName(); + authType.getProtocol() + "/" + authType.getServerId(), + KerberosPrincipal.KRB_NT_SRV_HST).getName(); + boolean isPrincipalValid = false; // use the pattern if defined