HADOOP-10418. SaslRpcClient should not assume that remote principals are in the default_realm. Contributed by Aaron T. Myers.

atm · atm · commit 03fe51090058 · 2014-03-24T00:00:57.000Z
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1580666 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt
@@ -318,6 +318,9 @@ Release 2.5.0 - UNRELEASED
     HADOOP-10378. Typo in help printed by hdfs dfs -help.
     (Mit Desai via suresh)
 
+    HADOOP-10418. SaslRpcClient should not assume that remote principals are in
+    the default_realm. (atm)
+
 Release 2.4.0 - UNRELEASED
 
   INCOMPATIBLE CHANGES
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java
@@ -300,7 +300,9 @@ String getServerPrincipal(SaslAuth authType) throws IOException {
     }
     // construct server advertised principal for comparision
     String serverPrincipal = new KerberosPrincipal(
-        authType.getProtocol() + "/" + authType.getServerId()).getName();
+        authType.getProtocol() + "/" + authType.getServerId(),
+        KerberosPrincipal.KRB_NT_SRV_HST).getName();
+
     boolean isPrincipalValid = false;
 
     // use the pattern if defined
