Home | About | Sematext search-lucene.com search-hadoop.com
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB
 Search Hadoop and all its subprojects:

Switch to Threaded View
Hadoop >> mail # dev >> regarding _HOST token replacement in security hadoop


Copy link to this message
-
Re: regarding _HOST token replacement in security hadoop
what version of hadoop are you using?

also

dfs.web.authentication.kerberos.principal should be set to HTTP/[EMAIL PROTECTED]

--
Arpit Gupta
Hortonworks Inc.
http://hortonworks.com/

On Jul 26, 2012, at 6:11 PM, Wangwenli <[EMAIL PROTECTED]> wrote:

> Hi all,
>
>   I configured like below in hdfs-site.xml:
>
> <property>
>  <name>dfs.namenode.kerberos.principal</name>
>  <value>nn/_HOST@site</value>
> </property>
>
>
> <property>
>    <name>dfs.web.authentication.kerberos.principal</name>
>    <value>nn/_HOST@site</value>
> </property>
>
>
>   When  start up namenode, I found, namenode will use principal : nn/167-52-0-56@site to login, but the http server will use nn/167-52-0-56.site@site<mailto:nn/167-52-0-56.site@site> to lgin,  so it start failed.
>
> I checked the code,
>
> Namenode will use socAddr.getHostName() to get hostname in org.apache.hadoop.hdfs.server.namenode.NameNode.loginAsNameNodeUser.
>
>
> But httpserver 's default hostname is 0.0.0.0, so in org.apache.hadoop.security.SecurityUtil.replacePattern, it will get the hostname by invoking getLocalHostName,there it use getCanonicalHostName(),
>
> I think this inconsistent is wrong,  can someone confirm this? Need raise one bug ?
>
> Thanks
>

NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB