[ https://issues.apache.org/jira/browse/HADOOP-9019?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13494482#comment-13494482 ]
Aaron T. Myers commented on HADOOP-9019: ---------------------------------------- Got it. Thanks for the explanation. I'm not opposed to this change, but it does seem like a bit of an odd use case. These machines have to have hostnames (with properly configured reverse DNS, no less) so I don't understand why folks would want to put IP addresses in their configs. I won't object to the change if folks want to make it, though. > KerberosAuthenticator.doSpnegoSequence(..) should create a HTTP principal > with hostname everytime > -------------------------------------------------------------------------------------------------- > > Key: HADOOP-9019 > URL: https://issues.apache.org/jira/browse/HADOOP-9019 > Project: Hadoop Common > Issue Type: Bug > Reporter: Vinay > > in KerberosAuthenticator.doSpnegoSequence(..) following line of code will > just create a principal of the form "HTTP/<host>", > {code} String servicePrincipal = > KerberosUtil.getServicePrincipal("HTTP", > KerberosAuthenticator.this.url.getHost());{code} > but uri.getHost() is not sure of always getting hostname. If uri contains > IP, then it just returns IP. > For SPNEGO authentication principal should always be created with <hostname>. > This code should be something like this, which will look /etc/hosts to get > hostname > {code} String hostname = InetAddress.getByName( > KerberosAuthenticator.this.url.getHost()).getHostName(); > String servicePrincipal = KerberosUtil.getServicePrincipal("HTTP", > hostname);{code} -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira