[ https://issues.apache.org/jira/browse/HADOOP-8554?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Eli Collins resolved HADOOP-8554. --------------------------------- Resolution: Invalid You're right, thanks for the explanation, I didn't realize the principal config was server-side only. Also, the reason I hit this with webhdfs and not hftp is that hftp doesn't support SPNEGO. > KerberosAuthenticator should use the configured principal > --------------------------------------------------------- > > Key: HADOOP-8554 > URL: https://issues.apache.org/jira/browse/HADOOP-8554 > Project: Hadoop Common > Issue Type: Bug > Components: security > Affects Versions: 1.0.0, 2.0.0-alpha, 2.0.1-alpha, 3.0.0 > Reporter: Eli Collins > Labels: security, webconsole > > In KerberosAuthenticator we construct the principal as follows: > {code} > String servicePrincipal = "HTTP/" + KerberosAuthenticator.this.url.getHost(); > {code} > Seems like we should use the configured > hadoop.http.authentication.kerberos.principal instead right? > I hit this issue as a distcp using webhdfs://localhost fails because > HTTP/localhost is not in the kerb DB but using webhdfs://eli-thinkpad works > because HTTP/eli-thinkpad is (and is my configured principal). distcp using > Hftp://localhost with the same config works so it looks like this check is > webhdfs specific for some reason (webhdfs is using spnego and hftp is not?). -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira