[
https://issues.apache.org/jira/browse/HADOOP-10418?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Aaron T. Myers updated HADOOP-10418:
------------------------------------
Description: In SaslRpcClient#getServerPrincipal, when constructing the
KerberosPrincipal to compare to the configured value, we just assume that the
remote principal is in the default realm configured in /etc/krb5.conf. This
will not always be the case, however. Instead, we should use the configured
domain_realm mapping to determine the realm of the remote principal. (was: We )
> SaslRpcClient should not assume that remote principals are in the
> default_realm
> -------------------------------------------------------------------------------
>
> Key: HADOOP-10418
> URL: https://issues.apache.org/jira/browse/HADOOP-10418
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 2.4.0
> Reporter: Aaron T. Myers
> Assignee: Aaron T. Myers
> Attachments: HADOOP-10418.patch
>
>
> In SaslRpcClient#getServerPrincipal, when constructing the KerberosPrincipal
> to compare to the configured value, we just assume that the remote principal
> is in the default realm configured in /etc/krb5.conf. This will not always be
> the case, however. Instead, we should use the configured domain_realm mapping
> to determine the realm of the remote principal.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
