[
https://issues.apache.org/jira/browse/HADOOP-9325?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13584428#comment-13584428
]
Alejandro Abdelnur commented on HADOOP-9325:
--------------------------------------------
Setting the following property should work:
hadoop.http.authentication.kerberos.names.rules=${hadoop.security.auth_to_local}
If it works then we should repurpose this JIRA to update hadoop-auth
documentation to mention the [PREFIX].kerberos.names.rules property.
And the HttpAuthentication.html page
(http://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/HttpAuthentication.html)
should also be updated to mention the concrete property in this case (at the
beginning of this comment). It seems the link from the sidebar in the docs is
missing the HttpAuthentication.html page, we should add that too.
> KerberosAuthenticationHandler AuthenticationFilter and should be able to
> reference Hadoop configurations
> --------------------------------------------------------------------------------------------------------
>
> Key: HADOOP-9325
> URL: https://issues.apache.org/jira/browse/HADOOP-9325
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Reporter: Kai Zheng
>
> In KerberosAuthenticationHandler SPNEGO activities, KerberosName is used to
> get short name for client principal, which needs in some Kerberos
> authentication situations to reference translation rules defined in Hadoop
> configuration file like core-site.xml
> as follows:
> <property>
> <name>hadoop.security.auth_to_local</name>
> <value>...</value>
> </property>
> Note, this is an issue only if default rule can't meet the requirement and
> custom rules need to be defined.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
