[ https://issues.apache.org/jira/browse/HADOOP-15440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16898846#comment-16898846 ]
He Xiaoqiao commented on HADOOP-15440: -------------------------------------- [~eyang], I try to recall changes about this patch, and it seems that it is same as {{SecurityUtil#getServerPrincipal}} which is not import by submodule `hadoop-common`. for case `test/test/test`, it will split to [test,test,test] but `components[1]` is not equals to `_HOST`, so it will not be replaced. for case `test/_HOST/test`, it will be replaced to `test/$hostname/test`. {quote}While this works fine for server with single network interface. It can create problems for multi-homed network that getCanonicalHostName doesn't return the desired hostname.{quote} it is true. it seems {{DNS.getHosts}} give one choice, any suggestions? Thanks again. > Support kerberos principal name pattern for KerberosAuthenticationHandler > ------------------------------------------------------------------------- > > Key: HADOOP-15440 > URL: https://issues.apache.org/jira/browse/HADOOP-15440 > Project: Hadoop Common > Issue Type: Improvement > Components: security > Reporter: He Xiaoqiao > Assignee: He Xiaoqiao > Priority: Major > Attachments: HADOOP-15440-trunk.001.patch, HADOOP-15440.002.patch > > > When setup HttpFS server or KMS server in security mode, we have to config > kerberos principal for these service, it doesn't support to convert Kerberos > principal name pattern to valid Kerberos principal names whereas > NameNode/DataNode and many other service can do that, so it makes confused > for users. so I propose to replace hostname pattern with hostname, which > should be fully-qualified domain name. -- This message was sent by Atlassian JIRA (v7.6.14#76016) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org