HADOOP-10418. SaslRpcClient should not assume that remote principals are in the default_realm. Contributed by Aaron T. Myers.

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1580667 13f79535-47bb-0310-9956-ffa450edef68
2014-03-24 00:02:46 +00:00 · 2014-03-24 00:02:46 +00:00 · 99432027d3
parent b78c43d421
commit 99432027d3
2 changed files with 6 additions and 1 deletions
--- a/hadoop-common-project/hadoop-common/CHANGES.txt
+++ b/hadoop-common-project/hadoop-common/CHANGES.txt
@ -15,6 +15,9 @@ Release 2.5.0 - UNRELEASED
    HADOOP-10378. Typo in help printed by hdfs dfs -help.
    (Mit Desai via suresh)

+    HADOOP-10418. SaslRpcClient should not assume that remote principals are in
+    the default_realm. (atm)
+
 Release 2.4.0 - UNRELEASED

  INCOMPATIBLE CHANGES
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java
@ -300,7 +300,9 @@ String getServerPrincipal(SaslAuth authType) throws IOException {
    }
    // construct server advertised principal for comparision
    String serverPrincipal = new KerberosPrincipal(
-        authType.getProtocol() + "/" + authType.getServerId()).getName();
+        authType.getProtocol() + "/" + authType.getServerId(),
+        KerberosPrincipal.KRB_NT_SRV_HST).getName();
+
    boolean isPrincipalValid = false;

    // use the pattern if defined