Tsz Wo Nicholas Sze created HADOOP-10398:
--------------------------------------------
Summary: KerberosAuthenticator failed to fall back to PseudoAuthenticator after HADOOP-10078
Key: HADOOP-10398
URL: https://issues.apache.org/jira/browse/HADOOP-10398
Project: Hadoop Common
Issue Type: Bug
Components: security
Reporter: Tsz Wo Nicholas Sze
Assignee: Tsz Wo Nicholas Sze

{code}
//KerberosAuthenticator.java
      if (conn.getResponseCode() == HttpURLConnection.HTTP_OK) {
        LOG.debug("JDK performed authentication on our behalf.");
        // If the JDK already did the SPNEGO back-and-forth for
        // us, just pull out the token.
        AuthenticatedURL.extractToken(conn, token);
        return;
      } else ...
{code}

The problem with the code above is that HTTP_OK does not imply authentication completed. We should check if the token can be extracted successfully.

This problem was reported by [~bowenzhangusa] in [this comment|https://issues.apache.org/jira/browse/HADOOP-10078?focusedCommentId=13896823&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13896823] earlier.
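The check the description asks for, as an added example that is not part of the issue or of Hadoop's source: two local endpoints both answer 200, but only one issues a token, and the client treats 200 as authenticated only when a token is actually present. `extractAuthCookie` is a hypothetical stand-in for `AuthenticatedURL.extractToken`; the cookie name `hadoop.auth`, the endpoint paths and the token value are assumptions constructed for the demo.

```java
import com.sun.net.httpserver.HttpServer;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.URI;
import java.util.List;
import java.util.Map;

// Added illustration, not Hadoop code.
public class HttpOkIsNotAuthenticated {
    static final String AUTH_COOKIE = "hadoop.auth"; // assumed cookie name

    // Hypothetical stand-in for AuthenticatedURL.extractToken:
    // returns the auth cookie value, or null if the response carries none.
    static String extractAuthCookie(HttpURLConnection conn) {
        for (Map.Entry<String, List<String>> h : conn.getHeaderFields().entrySet()) {
            // Header names vary in case; the status line has a null key.
            if (!"Set-Cookie".equalsIgnoreCase(h.getKey())) continue;
            for (String cookie : h.getValue()) {
                String nameValue = cookie.split(";", 2)[0].trim();
                if (nameValue.startsWith(AUTH_COOKIE + "=")) {
                    String value = nameValue.substring(AUTH_COOKIE.length() + 1);
                    if (!value.isEmpty()) return value;
                }
            }
        }
        return null;
    }

    // A 200 response counts as authenticated only if a token came with it.
    static String authenticate(URI uri) throws Exception {
        HttpURLConnection conn = (HttpURLConnection) uri.toURL().openConnection();
        if (conn.getResponseCode() == HttpURLConnection.HTTP_OK && extractAuthCookie(conn) != null) {
            return "token extracted: authenticated";
        }
        return "no token: not authenticated, continue to the fallback path";
    }

    public static void main(String[] args) throws Exception {
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        // Constructed responses: both are HTTP 200, only the first sets a token.
        server.createContext("/with-token", ex -> {
            ex.getResponseHeaders().add("Set-Cookie", AUTH_COOKIE + "=constructed-token; Path=/");
            ex.sendResponseHeaders(200, -1);
            ex.close();
        });
        server.createContext("/no-token", ex -> { ex.sendResponseHeaders(200, -1); ex.close(); });
        server.start();
        String base = "http://127.0.0.1:" + server.getAddress().getPort();
        System.out.println("/with-token -> " + authenticate(URI.create(base + "/with-token")));
        System.out.println("/no-token   -> " + authenticate(URI.create(base + "/no-token")));
        server.stop(0);
    }
}
```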