[
https://issues.apache.org/jira/browse/HADOOP-10418?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13944522#comment-13944522
]
Daryn Sharp commented on HADOOP-10418:
--------------------------------------
+1 Looks ok to me. I assumed kerberos was using the krb5.conf realm mapping
since it works in our env.
> SaslRpcClient should not assume that remote principals are in the
> default_realm
> -------------------------------------------------------------------------------
>
> Key: HADOOP-10418
> URL: https://issues.apache.org/jira/browse/HADOOP-10418
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 2.4.0
> Reporter: Aaron T. Myers
> Assignee: Aaron T. Myers
> Attachments: HADOOP-10418.patch
>
>
> In SaslRpcClient#getServerPrincipal, when constructing the KerberosPrincipal
> to compare to the configured value, we just assume that the remote principal
> is in the default realm configured in /etc/krb5.conf. This will not always be
> the case, however. Instead, we should use the configured domain_realm mapping
> to determine the realm of the remote principal.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
