Home | About | Sematext search-lucene.com search-hadoop.com
 Search Hadoop and all its subprojects:

Switch to Threaded View
Hadoop >> mail # dev >> regarding _HOST token replacement in security hadoop


Copy link to this message
-
Re: regarding _HOST token replacement in security hadoop
what version of hadoop are you using?

also

dfs.web.authentication.kerberos.principal should be set to HTTP/[EMAIL PROTECTED]

--
Arpit Gupta
Hortonworks Inc.
http://hortonworks.com/

On Jul 26, 2012, at 6:11 PM, Wangwenli <[EMAIL PROTECTED]> wrote:

> Hi all,
>
>   I configured like below in hdfs-site.xml:
>
> <property>
>  <name>dfs.namenode.kerberos.principal</name>
>  <value>nn/_HOST@site</value>
> </property>
>
>
> <property>
>    <name>dfs.web.authentication.kerberos.principal</name>
>    <value>nn/_HOST@site</value>
> </property>
>
>
>   When  start up namenode, I found, namenode will use principal : nn/167-52-0-56@site to login, but the http server will use nn/167-52-0-56.site@site<mailto:nn/167-52-0-56.site@site> to lgin,  so it start failed.
>
> I checked the code,
>
> Namenode will use socAddr.getHostName() to get hostname in org.apache.hadoop.hdfs.server.namenode.NameNode.loginAsNameNodeUser.
>
>
> But httpserver 's default hostname is 0.0.0.0, so in org.apache.hadoop.security.SecurityUtil.replacePattern, it will get the hostname by invoking getLocalHostName,there it use getCanonicalHostName(),
>
> I think this inconsistent is wrong,  can someone confirm this? Need raise one bug ?
>
> Thanks
>