Return-Path: 
 <common-issues-return-54769-apmail-hadoop-common-issues-archive=hadoop.apache.org@hadoop.apache.org>
X-Original-To: apmail-hadoop-common-issues-archive@minotaur.apache.org
Delivered-To: apmail-hadoop-common-issues-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 1607210024
	for <apmail-hadoop-common-issues-archive@minotaur.apache.org>;
 Fri, 25 Oct 2013 01:48:02 +0000 (UTC)
Received: (qmail 20692 invoked by uid 500); 25 Oct 2013 01:48:01 -0000
Delivered-To: apmail-hadoop-common-issues-archive@hadoop.apache.org
Received: (qmail 20661 invoked by uid 500); 25 Oct 2013 01:48:01 -0000
Mailing-List: contact common-issues-help@hadoop.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:common-issues-help@hadoop.apache.org>
List-Unsubscribe: <mailto:common-issues-unsubscribe@hadoop.apache.org>
List-Post: <mailto:common-issues@hadoop.apache.org>
List-Id: <common-issues.hadoop.apache.org>
Reply-To: common-issues@hadoop.apache.org
Delivered-To: mailing list common-issues@hadoop.apache.org
Received: (qmail 20652 invoked by uid 99); 25 Oct 2013 01:48:01 -0000
Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 25 Oct 2013 01:48:01 +0000
Date: Fri, 25 Oct 2013 01:48:01 +0000 (UTC)
From: "Aaron T. Myers (JIRA)" <jira@apache.org>
To: common-issues@hadoop.apache.org
Message-ID: <JIRA.12675644.1382665607769.6629.1382665681660@arcas>
In-Reply-To: <JIRA.12675644.1382665607769@arcas>
References: <JIRA.12675644.1382665607769@arcas>
Subject: [jira] [Created] (HADOOP-10070) RPC client doesn't use
 per-connection conf to determine server's expected Kerberos principal name
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394

Aaron T. Myers created HADOOP-10070:
---------------------------------------

             Summary: RPC client doesn't use per-connection conf to determine server's expected Kerberos principal name
                 Key: HADOOP-10070
                 URL: https://issues.apache.org/jira/browse/HADOOP-10070
             Project: Hadoop Common
          Issue Type: Bug
          Components: security
    Affects Versions: 2.2.0
            Reporter: Aaron T. Myers
            Assignee: Aaron T. Myers


Currently, RPC client caches the {{Configuration}} object that was passed in to its constructor and uses that same conf for every connection it sets up thereafter. This can cause problems when security is enabled if the {{Configuration}} object provided when the first RPC connection was made does not contain all possible entries for all server principals that will later be used by subsequent connections. When this happens, it will result in later RPC connections incorrectly failing with the error "Failed to specify server's Kerberos principal name" even though the principal name was specified in the {{Configuration}} object provided on later RPC connection attempts.

I believe this means that we've inadvertently reintroduced HADOOP-6907.



--
This message was sent by Atlassian JIRA
(v6.1#6144)