Hi Eric,
Thanks for starting this discussion.
Kerberos was developed decade before web development becomes popular.
> There are some Kerberos limitations which does not work well in Hadoop.
>
Sure, Kerberos was developed long before the web but it was selected as de
facto authentication
uffering
>
> Any change must be matched with clarifications the hadoop security docs,
> and KDiag extended to provide extra information about the source of the
> cache.
>
> One big risk here is over regressions across versions of clients
>
>
>> On Mon, Mar 18, 2
Hello Devs,
I'm Vipin, a long time Apache Hadoop user and I like to tinker around in my
free time. I've been a MIT Kerberos contributor in my past life.
While chasing the Kerberos credential cache usage in Hadoop, I found out
that UGI code[1] makes use of KRB5CCNAME environment variable to find
Vipin Rathor created HADOOP-15519:
-
Summary: KMS fails to read the existing key metadata after
upgrading to JDK 1.8u171
Key: HADOOP-15519
URL: https://issues.apache.org/jira/browse/HADOOP-15519
Vipin Rathor created HADOOP-15123:
-
Summary: KDiag tries to load krb5.conf from KRB5CCNAME instead of
KRB5_CONFIG
Key: HADOOP-15123
URL: https://issues.apache.org/jira/browse/HADOOP-15123
Project