hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hudson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-9850) RPC kerberos errors don't trigger relogin
Date Thu, 08 Aug 2013 15:19:49 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-9850?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13733590#comment-13733590

Hudson commented on HADOOP-9850:

SUCCESS: Integrated in Hadoop-trunk-Commit #4227 (See [https://builds.apache.org/job/Hadoop-trunk-Commit/4227/])
HADOOP-9850. RPC kerberos errors don't trigger relogin. Contributed by Daryn Sharp. (kihwal:
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Client.java
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java

> RPC kerberos errors don't trigger relogin
> -----------------------------------------
>                 Key: HADOOP-9850
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9850
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: ipc
>    Affects Versions: 3.0.0, 2.1.0-beta
>            Reporter: Daryn Sharp
>            Assignee: Daryn Sharp
>            Priority: Blocker
>             Fix For: 3.0.0, 2.1.0-beta
>         Attachments: HADOOP-9850.patch
> Hadoop auto-renews a ticket cache TGT.  However, a TGT acquired via keytab is just allowed
to expire.  To compensate, any exception during a kerberos RPC connection triggers a relogin.
> Prior to HADOOP-9698, the RPC client "knew" the SASL client was attempting authMethod
kerberos.  Now the SASL client negotiates and returns the authMethod to the RPC Client.  When
an exception occurs, such as TGT expired, the Client doesn't know what the SASL client was
attempting so no relogin is attempted.  After 24 hours, keytab based services that act as
clients (ex. RM for token renewal) go dead.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

View raw message