Uploaded image for project: 'Hadoop HDFS'
  1. Hadoop HDFS
  2. HDFS-14032 [libhdfs++] Phase 2 improvements
  3. HDFS-10451

libhdfs++: Look up kerberos principal by username

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • hdfs-client
    • None

    Description

      SaslProtocol::Negotiate passes the user name directly to the sasl_engine for authentication; the SASL engines require that.

      HDFS maps princpals to usernames by stripping off the realm and hostname. We should query the ccache for all available tickets, and find the one that best matches the passed-in username using the HDFS semantics. e.g. if the username is client1, and we have a ticket for client1/machine1.foo.com@FOO.COM, we should use that ticket.

      If multiple tickets match, the one that most exactly matches the username (host, realm) should be used.

      Attachments

        Activity

          People

            Unassigned Unassigned
            bobhansen Bob Hansen
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated: