hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hudson (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HADOOP-6632) Support for using different Kerberos keys for different instances of Hadoop services
Date Tue, 20 Jul 2010 01:03:50 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-6632?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12890112#action_12890112

Hudson commented on HADOOP-6632:

Integrated in Hadoop-Common-trunk-Commit #331 (See [http://hudson.zones.apache.org/hudson/job/Hadoop-Common-trunk-Commit/331/])
    HADOOP-6632. Adds support for using different keytabs for different servers in a Hadoop
cluster. In the earier implementation, all servers of a certain type \(like TaskTracker\),
would have the same keytab and the same principal. Now the principal name is a pattern that
has _HOST in it. Contributed by Kan Zhang & Jitendra Pandey.

> Support for using different Kerberos keys for different instances of Hadoop services
> ------------------------------------------------------------------------------------
>                 Key: HADOOP-6632
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6632
>             Project: Hadoop Common
>          Issue Type: Improvement
>            Reporter: Kan Zhang
>            Assignee: Kan Zhang
>             Fix For: 0.22.0
>         Attachments: 6632.mr.patch, c6632-05.patch, c6632-07.patch, HADOOP-6632-Y20S-18.patch,
> We tested using the same Kerberos key for all datanodes in a HDFS cluster or the same
Kerberos key for all TaskTarckers in a MapRed cluster. But it doesn't work. The reason is
that when datanodes try to authenticate to the namenode all at once, the Kerberos authenticators
they send to the namenode may have the same timestamp and will be rejected as replay requests.
This JIRA makes it possible to use a unique key for each service instance.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message