Return-Path: Delivered-To: apmail-hadoop-common-issues-archive@minotaur.apache.org Received: (qmail 46156 invoked from network); 29 Oct 2010 02:07:16 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 29 Oct 2010 02:07:15 -0000 Received: (qmail 40908 invoked by uid 500); 29 Oct 2010 02:07:15 -0000 Delivered-To: apmail-hadoop-common-issues-archive@hadoop.apache.org Received: (qmail 40882 invoked by uid 500); 29 Oct 2010 02:07:15 -0000 Mailing-List: contact common-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: common-issues@hadoop.apache.org Delivered-To: mailing list common-issues@hadoop.apache.org Received: (qmail 40873 invoked by uid 99); 29 Oct 2010 02:07:15 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 29 Oct 2010 02:07:15 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.22] (HELO thor.apache.org) (140.211.11.22) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 29 Oct 2010 02:07:13 +0000 Received: from thor (localhost [127.0.0.1]) by thor.apache.org (8.13.8+Sun/8.13.8) with ESMTP id o9T26ql2016985 for ; Fri, 29 Oct 2010 02:06:52 GMT Message-ID: <12528441.134911288318011994.JavaMail.jira@thor> Date: Thu, 28 Oct 2010 22:06:51 -0400 (EDT) From: "Hudson (JIRA)" To: common-issues@hadoop.apache.org Subject: [jira] Commented: (HADOOP-6632) Support for using different Kerberos keys for different instances of Hadoop services In-Reply-To: <1542465557.251491268540967230.JavaMail.jira@brutus.apache.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/HADOOP-6632?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12926125#action_12926125 ] Hudson commented on HADOOP-6632: -------------------------------- Integrated in Hadoop-Mapreduce-trunk-Commit #523 (See [https://hudson.apache.org/hudson/job/Hadoop-Mapreduce-trunk-Commit/523/]) > Support for using different Kerberos keys for different instances of Hadoop services > ------------------------------------------------------------------------------------ > > Key: HADOOP-6632 > URL: https://issues.apache.org/jira/browse/HADOOP-6632 > Project: Hadoop Common > Issue Type: Improvement > Reporter: Kan Zhang > Assignee: Kan Zhang > Fix For: 0.22.0 > > Attachments: 6632.mr.patch, c6632-05.patch, c6632-07.patch, HADOOP-6632-Y20S-18.patch, HADOOP-6632-Y20S-22.patch > > > We tested using the same Kerberos key for all datanodes in a HDFS cluster or the same Kerberos key for all TaskTarckers in a MapRed cluster. But it doesn't work. The reason is that when datanodes try to authenticate to the namenode all at once, the Kerberos authenticators they send to the namenode may have the same timestamp and will be rejected as replay requests. This JIRA makes it possible to use a unique key for each service instance. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.