[ https://issues.apache.org/jira/browse/HDFS-4043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13475524#comment-13475524 ]
Brahma Reddy Battula commented on HDFS-4043: -------------------------------------------- Hi Ahad Rana, I think,,this is same as HDFS-3980..Please refer following comment.. https://issues.apache.org/jira/browse/HDFS-3980?focusedCommentId=13469267&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13469267.. Can I duplicate this...? Please correct me If I am wrong.. > Namenode Kerberos Login does not use proper hostname for host qualified hdfs > principal name. > -------------------------------------------------------------------------------------------- > > Key: HDFS-4043 > URL: https://issues.apache.org/jira/browse/HDFS-4043 > Project: Hadoop HDFS > Issue Type: Bug > Components: security > Affects Versions: 2.0.0-alpha, 2.0.1-alpha, 2.0.2-alpha, 2.0.3-alpha > Environment: CDH4U1 on Ubuntu 12.04 > Reporter: Ahad Rana > Original Estimate: 24h > Remaining Estimate: 24h > > The Namenode uses the loginAsNameNodeUser method in NameNode.java to login > using the hdfs principal. This method in turn invokes SecurityUtil.login with > a hostname (last parameter) obtained via a call to InetAddress.getHostName. > This call does not always return the fully qualified host name, and thus > causes the namenode to login to fail due to kerberos's inability to find a > matching hdfs principal in the hdfs.keytab file. Instead it should use > InetAddress.getCanonicalHostName. This is consistent with what is used > internally by SecurityUtil.java to login in other services, such as the > DataNode. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira