From 99432027d3e35d4da3e0ee1b55257b05c8c13d0f Mon Sep 17 00:00:00 2001 From: Aaron Myers Date: Mon, 24 Mar 2014 00:02:46 +0000 Subject: [PATCH] HADOOP-10418. SaslRpcClient should not assume that remote principals are in the default_realm. Contributed by Aaron T. Myers. git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1580667 13f79535-47bb-0310-9956-ffa450edef68 --- hadoop-common-project/hadoop-common/CHANGES.txt | 3 +++ .../main/java/org/apache/hadoop/security/SaslRpcClient.java | 4 +++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index 3864cbe90bf..366adc65026 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -15,6 +15,9 @@ Release 2.5.0 - UNRELEASED HADOOP-10378. Typo in help printed by hdfs dfs -help. (Mit Desai via suresh) + HADOOP-10418. SaslRpcClient should not assume that remote principals are in + the default_realm. (atm) + Release 2.4.0 - UNRELEASED INCOMPATIBLE CHANGES diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java index 92a62203f0d..dfb0898a449 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java @@ -300,7 +300,9 @@ String getServerPrincipal(SaslAuth authType) throws IOException { } // construct server advertised principal for comparision String serverPrincipal = new KerberosPrincipal( - authType.getProtocol() + "/" + authType.getServerId()).getName(); + authType.getProtocol() + "/" + authType.getServerId(), + KerberosPrincipal.KRB_NT_SRV_HST).getName(); + boolean isPrincipalValid = false; // use the pattern if defined