Fix kerberos service principal format

The correct format is serviceName@host instead of serviceName/host
trinodb · Jul 13, 2015 · d87db0e · d87db0e
1 parent c92190e
commit d87db0e
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/presto-main/src/main/java/com/facebook/presto/server/security/SpnegoFilter.java b/presto-main/src/main/java/com/facebook/presto/server/security/SpnegoFilter.java
@@ -21,6 +21,7 @@
 import org.ietf.jgss.GSSCredential;
 import org.ietf.jgss.GSSException;
 import org.ietf.jgss.GSSManager;
+import org.ietf.jgss.GSSName;
 import org.ietf.jgss.Oid;
 
 import javax.annotation.PreDestroy;
@@ -76,7 +77,7 @@ public SpnegoFilter(SecurityConfig config)
         System.setProperty("java.security.krb5.conf", config.getKerberosConfig().getAbsolutePath());
 
         try {
-            servicePrincipal = config.getServiceName() + "/" + InetAddress.getLocalHost().getCanonicalHostName().toLowerCase(Locale.US);
+            servicePrincipal = config.getServiceName() + "@" + InetAddress.getLocalHost().getCanonicalHostName().toLowerCase(Locale.US);
             loginContext = new LoginContext("", null, null, new Configuration()
             {
                 @Override
@@ -100,7 +101,7 @@ public AppConfigurationEntry[] getAppConfigurationEntry(String name)
             loginContext.login();
 
             serverCredential = doAs(loginContext.getSubject(), () -> gssManager.createCredential(
-                    gssManager.createName(servicePrincipal, null),
+                    gssManager.createName(servicePrincipal, GSSName.NT_HOSTBASED_SERVICE),
                     INDEFINITE_LIFETIME,
                     new Oid[] {
                             new Oid("1.2.840.113554.1.2.2"), // kerberos 5