hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hadoop QA (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HADOOP-6907) Rpc client doesn't use the per-connection conf to figure out server's Kerberos principal
Date Wed, 01 Sep 2010 19:52:55 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-6907?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12905181#action_12905181
] 

Hadoop QA commented on HADOOP-6907:
-----------------------------------

-1 overall.  Here are the results of testing the latest attachment 
  http://issues.apache.org/jira/secure/attachment/12453460/c6907-18.patch
  against trunk revision 991038.

    +1 @author.  The patch does not contain any @author tags.

    +1 tests included.  The patch appears to include 6 new or modified tests.

    -1 javadoc.  The javadoc tool appears to have generated 1 warning messages.

    +1 javac.  The applied patch does not increase the total number of javac compiler warnings.

    +1 findbugs.  The patch does not introduce any new Findbugs warnings.

    +1 release audit.  The applied patch does not increase the total number of release audit
warnings.

    +1 core tests.  The patch passed core unit tests.

    +1 contrib tests.  The patch passed contrib unit tests.

    +1 system tests framework.  The patch passed system tests framework compile.

Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/665/testReport/
Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/665/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/665/artifact/trunk/build/test/checkstyle-errors.html
Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/665/console

This message is automatically generated.

> Rpc client doesn't use the per-connection conf to figure out server's Kerberos principal
> ----------------------------------------------------------------------------------------
>
>                 Key: HADOOP-6907
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6907
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: ipc, security
>            Reporter: Kan Zhang
>            Assignee: Kan Zhang
>         Attachments: c6907-12.patch, c6907-15.patch, c6907-16.patch, c6907-18.patch
>
>
> Currently, RPC client caches the conf that was passed in to its constructor and uses
that same conf (or values obtained from it) for every connection it sets up. This is not sufficient
for security since each connection needs to figure out server's Kerberos principal on a per-connection
basis. It's not reasonable to expect the first conf used by a user to contain all the Kerberos
principals that her future connections will ever need. Or worse, if her first conf contains
an incorrect principal name, it will prevent the user from connecting to the server even if
she later on passes in a correct conf on retry (by calling RPC.getProxy()).

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message