Home Explore Help
Sign In
apache
/
hadoop
mirror of https://github.com/apache/hadoop.git
2
0
Fork 1
Files Issues 0 Wiki
Browse Source

svn merge -c 1176720 from branch-0.20-security for HDFS-2368.

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-0.20-security-205@1176721 13f79535-47bb-0310-9956-ffa450edef68
Tsz-wo Sze 14 years ago
parent
9a17bb38b9
commit
5566c4cb60
3 changed files with 23 additions and 20 deletions
Split View Show Diff Stats
  1. 3 0
      CHANGES.txt
  2. 0 20
      src/hdfs/hdfs-default.xml
  3. 20 0
      src/packages/templates/conf/hdfs-site.xml

+ 3 - 0
CHANGES.txt
View File 

@@ -321,6 +321,9 @@ Release 0.20.205.0 - 2011.09.27
 
     HADOOP-7510. Add configurable option to use original hostname in token
 
     instead of IP to allow server IP change. (Daryn Sharp via suresh)
 
 
+    HDFS-2368.  Move SPNEGO conf properties from hdfs-default.xml to
 
+    hdfs-site.xml.  (szetszwo)
 
+
 
 Release 0.20.204.0 - 2011-8-25
 
 
   NEW FEATURES

+ 0 - 20
src/hdfs/hdfs-default.xml
View File 

@@ -426,24 +426,4 @@ creations/deletions), or "all".</description>
 
   </description>
 
 </property>
 
 
-<property>
 
-  <name>dfs.web.authentication.kerberos.principal</name>
 
-  <value>HTTP/${dfs.web.hostname}@${kerberos.realm}</value>
 
-  <description>
 
-    The HTTP Kerberos principal used by Hadoop-Auth in the HTTP endpoint.
 
-
 
-    The HTTP Kerberos principal MUST start with 'HTTP/' per Kerberos
 
-    HTTP SPENGO specification.
 
-  </description>
 
-</property>
 
-
 
-<property>
 
-  <name>dfs.web.authentication.kerberos.keytab</name>
 
-  <value>${user.home}/dfs.web.keytab</value>
 
-  <description>
 
-    The Kerberos keytab file with the credentials for the
 
-    HTTP Kerberos principal used by Hadoop-Auth in the HTTP endpoint.
 
-  </description>
 
-</property>
 
-
 
 </configuration>

+ 20 - 0
src/packages/templates/conf/hdfs-site.xml
View File 

@@ -123,6 +123,26 @@
 
     </description>
 
   </property>
 
 
+  <property>
 
+    <name>dfs.web.authentication.kerberos.principal</name>
 
+    <value>HTTP/_HOST@${local.realm}</value>
 
+    <description>
 
+      The HTTP Kerberos principal used by Hadoop-Auth in the HTTP endpoint.
 
+
 
+      The HTTP Kerberos principal MUST start with 'HTTP/' per Kerberos
 
+      HTTP SPENGO specification.
 
+    </description>
 
+  </property>
 
+
 
+  <property>
 
+    <name>dfs.web.authentication.kerberos.keytab</name>
 
+    <value>/etc/security/keytabs/nn.service.keytab</value>
 
+    <description>
 
+      The Kerberos keytab file with the credentials for the
 
+      HTTP Kerberos principal used by Hadoop-Auth in the HTTP endpoint.
 
+    </description>
 
+  </property>
 
+
 
   <property>
 
     <name>dfs.namenode.keytab.file</name>
 
     <value>/etc/security/keytabs/nn.service.keytab</value>