Home Explore Help
Sign In
apache
/
hadoop
mirror of https://github.com/apache/hadoop.git
2
0
Fork 1
Files Issues 0 Wiki
Browse Source

svn merge -c 1176720 from branch-0.20-security for HDFS-2368.

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-0.20-security-205@1176721 13f79535-47bb-0310-9956-ffa450edef68
Tsz-wo Sze 14 years ago
parent
9a17bb38b9
commit
5566c4cb60
3 changed files with 23 additions and 20 deletions
Unified View Show Diff Stats
  1. 3 0
      CHANGES.txt
  2. 0 20
      src/hdfs/hdfs-default.xml
  3. 20 0
      src/packages/templates/conf/hdfs-site.xml

+ 3 - 0
CHANGES.txt
View File 

@@ -321,6 +321,9 @@ Release 0.20.205.0 - 2011.09.27
 
     HADOOP-7510. Add configurable option to use original hostname in token
 
     HADOOP-7510. Add configurable option to use original hostname in token
 
     instead of IP to allow server IP change. (Daryn Sharp via suresh)
 
     instead of IP to allow server IP change. (Daryn Sharp via suresh)
 
 
 
+    HDFS-2368.  Move SPNEGO conf properties from hdfs-default.xml to
 
+    hdfs-site.xml.  (szetszwo)
 
+
 
 Release 0.20.204.0 - 2011-8-25
 
 Release 0.20.204.0 - 2011-8-25
 
 
 
   NEW FEATURES
 
   NEW FEATURES

+ 0 - 20
src/hdfs/hdfs-default.xml
View File 

@@ -426,24 +426,4 @@ creations/deletions), or "all".</description>
 
   </description>
 
   </description>
 
 </property>
 
 </property>
 
 
 
-<property>
 
-  <name>dfs.web.authentication.kerberos.principal</name>
 
-  <value>HTTP/${dfs.web.hostname}@${kerberos.realm}</value>
 
-  <description>
 
-    The HTTP Kerberos principal used by Hadoop-Auth in the HTTP endpoint.
 
-
 
-    The HTTP Kerberos principal MUST start with 'HTTP/' per Kerberos
 
-    HTTP SPENGO specification.
 
-  </description>
 
-</property>
 
-
 
-<property>
 
-  <name>dfs.web.authentication.kerberos.keytab</name>
 
-  <value>${user.home}/dfs.web.keytab</value>
 
-  <description>
 
-    The Kerberos keytab file with the credentials for the
 
-    HTTP Kerberos principal used by Hadoop-Auth in the HTTP endpoint.
 
-  </description>
 
-</property>
 
-
 
 </configuration>
 
 </configuration>

+ 20 - 0
src/packages/templates/conf/hdfs-site.xml
View File 

@@ -123,6 +123,26 @@
 
     </description>
 
     </description>
 
   </property>
 
   </property>
 
 
 
+  <property>
 
+    <name>dfs.web.authentication.kerberos.principal</name>
 
+    <value>HTTP/_HOST@${local.realm}</value>
 
+    <description>
 
+      The HTTP Kerberos principal used by Hadoop-Auth in the HTTP endpoint.
 
+
 
+      The HTTP Kerberos principal MUST start with 'HTTP/' per Kerberos
 
+      HTTP SPENGO specification.
 
+    </description>
 
+  </property>
 
+
 
+  <property>
 
+    <name>dfs.web.authentication.kerberos.keytab</name>
 
+    <value>/etc/security/keytabs/nn.service.keytab</value>
 
+    <description>
 
+      The Kerberos keytab file with the credentials for the
 
+      HTTP Kerberos principal used by Hadoop-Auth in the HTTP endpoint.
 
+    </description>
 
+  </property>
 
+
 
   <property>
 
   <property>
 
     <name>dfs.namenode.keytab.file</name>
 
     <name>dfs.namenode.keytab.file</name>
 
     <value>/etc/security/keytabs/nn.service.keytab</value>
 
     <value>/etc/security/keytabs/nn.service.keytab</value>