[jira] [Commented] (HADOOP-9446) Support Kerberos HTTP SPNEGO authentication for non-SUN JDK

Fri, 09 Aug 2013 22:28:35 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-9446?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13735761#comment-13735761
 ] 

Yu Gao commented on HADOOP-9446:
--------------------------------

Post the test results of TestKerberosAuthenticator and 
TestKerberosAuthenticationHandler against trunk after the patch:

$ mvn -Dtest=TestKerberosAuthenticator 
-Dhadoop-auth.test.kerberos.client.principal=test 
-Dhadoop-auth.test.kerberos.server.principal=HTTP/localhost 
-Dhadoop-auth.test.kerberos.keytab.file=/etc/krb5.keytab 
-Dhadoop-auth.test.kerberos.realm=TEST.COM 
-Djava.security.krb5.conf=/etc/krb5.conf test

-------------------------------------------------------------------------------
Test set: 
org.apache.hadoop.security.authentication.client.TestKerberosAuthenticator
-------------------------------------------------------------------------------
Tests run: 5, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 1.381 sec


$ mvn -Dtest=TestKerberosAuthenticationHandler 
-Dhadoop-auth.test.kerberos.client.principal=test 
-Dhadoop-auth.test.kerberos.server.principal=HTTP/localhost 
-Dhadoop-auth.test.kerberos.keytab.file=/etc/krb5.keytab 
-Dhadoop-auth.test.kerberos.realm=TEST.COM 
-Djava.security.krb5.conf=/etc/krb5.conf test

-------------------------------------------------------------------------------
Test set: 
org.apache.hadoop.security.authentication.server.TestKerberosAuthenticationHandler
-------------------------------------------------------------------------------
Tests run: 8, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 1.396 sec

                
> Support Kerberos HTTP SPNEGO authentication for non-SUN JDK
> -----------------------------------------------------------
>
>                 Key: HADOOP-9446
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9446
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 1.1.1, 2.0.2-alpha
>            Reporter: Yu Gao
>            Assignee: Yu Gao
>         Attachments: HADOOP-9446-branch-2.patch, HADOOP-9446.patch, 
> TestKerberosHttpSPNEGO.java
>
>
> Class KerberosAuthenticator and KerberosAuthenticationHandler currently only 
> support running with SUN JDK when Kerberos is enabled. In order to support  
> alternative JDKs like IBM JDK which has different options supported by 
> Krb5LoginModule and different login module classes, the HTTP Kerberos 
> authentication classes need to be changed.
> In addition, NT_GSS_KRB5_PRINCIPAL, which is used in KerberosAuthenticator to 
> get the corresponding oid instance, is a field defined in SUN JDK, but not in 
> IBM JDK.
> This JIRA is to fix the existing problems and add support for Kerberos HTTP 
> SPNEGO authentication with non-SUN JDK.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to