[
https://issues.apache.org/jira/browse/HADOOP-11628?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14335412#comment-14335412
]
Allen Wittenauer commented on HADOOP-11628:
-------------------------------------------
Win 2k does, Win 2k3 does not, based upon
https://technet.microsoft.com/en-us/library/cc772815%28v=ws.10%29.aspx .
Ugh:
http://stackoverflow.com/questions/12229658/java-spnego-unwanted-spn-canonicalization
If you follow the thread mentioned, gives more details on why this is a bad
deployment strategy. So I'm thinking this should probably be a runtime option
with a default of off.
> SPNEGO auth does not work with CNAMEs in JDK8
> ---------------------------------------------
>
> Key: HADOOP-11628
> URL: https://issues.apache.org/jira/browse/HADOOP-11628
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 2.6.0
> Reporter: Daryn Sharp
> Assignee: Daryn Sharp
> Priority: Critical
> Labels: jdk8
> Attachments: HADOOP-11628.patch
>
>
> Pre-JDK8, GSSName auto-canonicalized the hostname when constructing the
> principal for SPNEGO. JDK8 no longer does this which breaks the use of
> user-friendly CNAMEs for services.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
