hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yu Gao (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-9969) TGT expiration doesn't trigger Kerberos relogin
Date Fri, 20 Sep 2013 18:41:53 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-9969?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13773289#comment-13773289
] 

Yu Gao commented on HADOOP-9969:
--------------------------------

Sure. Attaching a relevant sub-section of JobTracker log throwing the expiration exception.
I'm using Hadoop 2.1.0-beta + MapReduce 1.1.1, with IBM JDK 6.
                
> TGT expiration doesn't trigger Kerberos relogin
> -----------------------------------------------
>
>                 Key: HADOOP-9969
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9969
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: ipc, security
>    Affects Versions: 2.1.0-beta
>            Reporter: Yu Gao
>         Attachments: HADOOP-9969.patch
>
>
> In HADOOP-9698 & HADOOP-9850, RPC client and Sasl client have been changed to respect
the auth method advertised from server, instead of blindly attempting the configured one at
client side. However, when TGT has expired, an exception will be thrown from SaslRpcClient#createSaslClient(SaslAuth
authType), and at this time the authMethod still holds the initial value which is SIMPLE and
never has a chance to be updated with the expected one requested by server, so kerberos relogin
will not happen.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message