hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HADOOP-9850) RPC kerberos errors don't trigger relogin
Date Wed, 07 Aug 2013 20:27:49 GMT
Daryn Sharp created HADOOP-9850:

             Summary: RPC kerberos errors don't trigger relogin
                 Key: HADOOP-9850
                 URL: https://issues.apache.org/jira/browse/HADOOP-9850
             Project: Hadoop Common
          Issue Type: Bug
          Components: ipc
    Affects Versions: 3.0.0, 2.1.0-beta
            Reporter: Daryn Sharp
            Assignee: Daryn Sharp
            Priority: Blocker

Hadoop auto-renews a ticket cache TGT.  However, a TGT acquired via keytab is just allowed
to expire.  To compensate, any exception during a kerberos RPC connection triggers a relogin.

Prior to HADOOP-9698, the RPC client "knew" the SASL client was attempting authMethod kerberos.
 Now the SASL client negotiates and returns the authMethod to the RPC Client.  When an exception
occurs, such as TGT expired, the Client doesn't know what the SASL client was attempting so
no relogin is attempted.  After 24 hours, keytab based services that act as clients (ex. RM
for token renewal) go dead.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

View raw message