[ https://issues.apache.org/jira/browse/HADOOP-15440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17064250#comment-17064250 ]
Xiaoqiao He commented on HADOOP-15440: -------------------------------------- Thanks [~eyang] for your suggestions and I am very sorry for missing this JIRA for long time. {quote}for case `test/_HOST/test`, it will be replaced to `test/$hostname/test`. It probably should throw error if the format is not a proper kerberos service principal.{quote} it could be checked in the following statement for this case IIUC. {quote}Principal krbPrincipal = new KerberosPrincipal(spng);{quote} {quote}I think Hadoop is using hadoop.security.dns.interface to determine which hostname to bind. This may help for the hostname lookup.{quote} It is true that using `hadoop.security.dns.interface` is more accurate. Actually this logic is implement completely in `SecurityUtil` but when I want to import `hadoop-common` to sub-module `hadoop-auth` it throws cyclic reference exception. So my question is if we need add same logic at sub-module `hadoop-auth` or some other solutions? Sorry I am not very familiar with this module. Thanks again. > Support kerberos principal name pattern for KerberosAuthenticationHandler > ------------------------------------------------------------------------- > > Key: HADOOP-15440 > URL: https://issues.apache.org/jira/browse/HADOOP-15440 > Project: Hadoop Common > Issue Type: Improvement > Components: security > Reporter: Xiaoqiao He > Assignee: Xiaoqiao He > Priority: Major > Attachments: HADOOP-15440-trunk.001.patch, HADOOP-15440.002.patch > > > When setup HttpFS server or KMS server in security mode, we have to config > kerberos principal for these service, it doesn't support to convert Kerberos > principal name pattern to valid Kerberos principal names whereas > NameNode/DataNode and many other service can do that, so it makes confused > for users. so I propose to replace hostname pattern with hostname, which > should be fully-qualified domain name. -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org