[
https://issues.apache.org/jira/browse/HDFS-4043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17583086#comment-17583086
]
ASF GitHub Bot commented on HDFS-4043:
--------------------------------------
snmvaughan opened a new pull request, #4785:
URL: https://github.com/apache/hadoop/pull/4785
Backport of the changes from trunk.
Use the existing DomainNameResolver to leverage the pluggable resolution
framework. This provides a means to perform a reverse lookup if needed.
Update default implementation of DNSDomainNameResolver to protect against
returning the IP address as a string from a cached value.
- [X] Does the title or this PR starts with the corresponding JIRA issue id
(e.g. 'HADOOP-17799. Your PR title ...')?
- [ ] Object storage: have the integration tests been executed and the
endpoint declared according to the connector-specific documentation?
- [ ] If adding new dependencies to the code, are these dependencies
licensed in a way that is compatible for inclusion under [ASF
2.0](http://www.apache.org/legal/resolved.html#category-a)?
- [ ] If applicable, have you updated the `LICENSE`, `LICENSE-binary`,
`NOTICE-binary` files?
> Namenode Kerberos Login does not use proper hostname for host qualified hdfs
> principal name.
> --------------------------------------------------------------------------------------------
>
> Key: HDFS-4043
> URL: https://issues.apache.org/jira/browse/HDFS-4043
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: security
> Affects Versions: 2.0.0-alpha, 2.0.1-alpha, 2.0.2-alpha, 2.0.3-alpha,
> 3.4.0, 3.3.9
> Environment: CDH4U1 on Ubuntu 12.04
> Reporter: Ahad Rana
> Assignee: Steve Vaughan
> Priority: Major
> Labels: pull-request-available
> Fix For: 3.4.0, 3.3.9
>
> Original Estimate: 24h
> Time Spent: 50m
> Remaining Estimate: 23h 10m
>
> The Namenode uses the loginAsNameNodeUser method in NameNode.java to login
> using the hdfs principal. This method in turn invokes SecurityUtil.login with
> a hostname (last parameter) obtained via a call to InetAddress.getHostName.
> This call does not always return the fully qualified host name, and thus
> causes the namenode to login to fail due to kerberos's inability to find a
> matching hdfs principal in the hdfs.keytab file. Instead it should use
> InetAddress.getCanonicalHostName. This is consistent with what is used
> internally by SecurityUtil.java to login in other services, such as the
> DataNode.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
