[
https://issues.apache.org/jira/browse/HADOOP-9789?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13725352#comment-13725352
]
Hadoop QA commented on HADOOP-9789:
-----------------------------------
{color:green}+1 overall{color}. Here are the results of testing the latest
attachment
http://issues.apache.org/jira/secure/attachment/12595196/HADOOP-9789.patch
against trunk revision .
{color:green}+1 @author{color}. The patch does not contain any @author
tags.
{color:green}+1 tests included{color}. The patch appears to include 2 new
or modified test files.
{color:green}+1 javac{color}. The applied patch does not increase the
total number of javac compiler warnings.
{color:green}+1 javadoc{color}. The javadoc tool did not generate any
warning messages.
{color:green}+1 eclipse:eclipse{color}. The patch built with
eclipse:eclipse.
{color:green}+1 findbugs{color}. The patch does not introduce any new
Findbugs (version 1.3.9) warnings.
{color:green}+1 release audit{color}. The applied patch does not increase
the total number of release audit warnings.
{color:green}+1 core tests{color}. The patch passed unit tests in
hadoop-common-project/hadoop-common.
{color:green}+1 contrib tests{color}. The patch passed contrib unit tests.
Test results:
https://builds.apache.org/job/PreCommit-HADOOP-Build/2894//testReport/
Console output:
https://builds.apache.org/job/PreCommit-HADOOP-Build/2894//console
This message is automatically generated.
> Support server advertised kerberos principals
> ---------------------------------------------
>
> Key: HADOOP-9789
> URL: https://issues.apache.org/jira/browse/HADOOP-9789
> Project: Hadoop Common
> Issue Type: New Feature
> Components: ipc, security
> Affects Versions: 2.0.0-alpha, 3.0.0
> Reporter: Daryn Sharp
> Assignee: Daryn Sharp
> Priority: Critical
> Attachments: HADOOP-9789.patch, HADOOP-9789.patch
>
>
> The RPC client currently constructs the kerberos principal based on the a
> config value, usually with an _HOST substitution. This means the service
> principal must match the hostname the client is using to connect. This
> causes problems:
> * Prevents using HA with IP failover when the servers have distinct
> principals from the failover hostname
> * Prevents clients from being able to access a service bound to multiple
> interfaces. Only the interface that matches the server's principal may be
> used.
> The client should be able to use the SASL advertised principal (HADOOP-9698),
> with appropriate safeguards, to acquire the correct service ticket.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
