hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Devaraj Das (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HADOOP-6632) Support for using different Kerberos keys for different instances of Hadoop services
Date Fri, 30 Jul 2010 21:55:17 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-6632?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12894170#action_12894170
] 

Devaraj Das commented on HADOOP-6632:
-------------------------------------

Yes this was intentional. The mr patch seemed like a hack and that's why we didn't commit
it to trunk, and instead raised MAPREDUCE-1824 to discuss that... BTW, the problem which the
mr patch attempted to address would be significantly less once we have HADOOP-6706 committed
that does retries in case of failures due to the false replay attack detection by the rpc
servers. MAPREDUCE-1824 takes a low priority..

> Support for using different Kerberos keys for different instances of Hadoop services
> ------------------------------------------------------------------------------------
>
>                 Key: HADOOP-6632
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6632
>             Project: Hadoop Common
>          Issue Type: Improvement
>            Reporter: Kan Zhang
>            Assignee: Kan Zhang
>             Fix For: 0.22.0
>
>         Attachments: 6632.mr.patch, c6632-05.patch, c6632-07.patch, HADOOP-6632-Y20S-18.patch,
HADOOP-6632-Y20S-22.patch
>
>
> We tested using the same Kerberos key for all datanodes in a HDFS cluster or the same
Kerberos key for all TaskTarckers in a MapRed cluster. But it doesn't work. The reason is
that when datanodes try to authenticate to the namenode all at once, the Kerberos authenticators
they send to the namenode may have the same timestamp and will be rejected as replay requests.
This JIRA makes it possible to use a unique key for each service instance.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message