hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-9070) Kerberos SASL server cannot find kerberos key
Date Wed, 21 Nov 2012 16:21:59 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-9070?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13502098#comment-13502098
] 

Daryn Sharp commented on HADOOP-9070:
-------------------------------------

Yes, I thoroughly tested both kerberos and tokens to ensure they work with the latest patch.
 As mentioned in my prior comment, this does cause a RPC incompatibility within 2.x.  Earlier
2.x clients will receive an extra reply (SUCCESS) from a 2.0.3 server after the kerberos negotiation
completes.  The client will interpret this as the response for the next proxy call, which
will cause a protobuf error.  A 2.0.3 client will timeout waiting for the SUCCESS response
from earlier 2.x servers.  Maybe we should bump the RPC version in 2.0.3?  Or if that's unpalatable,
I can investigate a backwards compatible client change that might be hacky (not sure yet).
                
> Kerberos SASL server cannot find kerberos key
> ---------------------------------------------
>
>                 Key: HADOOP-9070
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9070
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: ipc
>    Affects Versions: 3.0.0, 2.0.3-alpha
>            Reporter: Daryn Sharp
>            Assignee: Daryn Sharp
>            Priority: Blocker
>         Attachments: HADOOP-9070.patch, HADOOP-9070.patch
>
>
> HADOOP-9015 inadvertently removed a {{doAs}} block around instantiation of the sasl server
which renders a server incapable of accepting kerberized connections.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message