[ https://issues.apache.org/jira/browse/HADOOP-11628?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14335412#comment-14335412 ]
Allen Wittenauer commented on HADOOP-11628:
-------------------------------------------

Win 2k does, Win 2k3 does not, based upon https://technet.microsoft.com/en-us/library/cc772815%28v=ws.10%29.aspx .

Ugh: http://stackoverflow.com/questions/12229658/java-spnego-unwanted-spn-canonicalization

If you follow the thread mentioned, it gives more details on why this is a bad deployment strategy.

So I'm thinking this should probably be a runtime option with a default of off.

> SPNEGO auth does not work with CNAMEs in JDK8
> ---------------------------------------------
>
>                 Key: HADOOP-11628
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11628
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.6.0
>            Reporter: Daryn Sharp
>            Assignee: Daryn Sharp
>            Priority: Critical
>              Labels: jdk8
>         Attachments: HADOOP-11628.patch
>
>
> Pre-JDK8, GSSName auto-canonicalized the hostname when constructing the
> principal for SPNEGO.  JDK8 no longer does this which breaks the use of
> user-friendly CNAMEs for services.
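
The canonicalization difference described in the issue, combined with the off-by-default runtime option suggested in the comment, shown as an added example (it is not the attached HADOOP-11628.patch and not Hadoop code). The class name and the property name example.spnego.canonicalize are hypothetical.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;

public class SpnegoServiceName {
    // Hypothetical property name (not a Hadoop or JDK setting). Off by default:
    // DNS answers are unauthenticated, so canonicalizing lets DNS pick the SPN.
    static final String CANONICALIZE_PROP = "example.spnego.canonicalize";

    /** Host part of the SPN for the host the client was asked to contact. */
    static String spnHost(String urlHost, boolean canonicalize)
            throws UnknownHostException {
        if (!canonicalize) {
            return urlHost; // name used exactly as given, CNAME included
        }
        InetAddress addr = InetAddress.getByName(urlHost);
        String canonical = addr.getCanonicalHostName();
        // getCanonicalHostName() falls back to the textual IP address when the
        // reverse lookup fails; an IP address would not match the service's
        // host-based principal, so keep the name the caller supplied.
        if (canonical.equals(addr.getHostAddress())) {
            return urlHost;
        }
        return canonical;
    }

    /** Builds the host-based service name HTTP@host used for SPNEGO. */
    static GSSName serviceName(String urlHost, boolean canonicalize)
            throws UnknownHostException, GSSException {
        String host = spnHost(urlHost, canonicalize);
        return GSSManager.getInstance()
                .createName("HTTP@" + host, GSSName.NT_HOSTBASED_SERVICE);
    }

    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "localhost";
        // Opt in with -Dexample.spnego.canonicalize=true
        boolean canonicalize = Boolean.getBoolean(CANONICALIZE_PROP);
        System.out.println(serviceName(host, canonicalize));
    }
}
```

With the property unset, a service reached through a CNAME needs a principal registered for that alias; with it set, the principal follows whatever name DNS returns.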