hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yongjun Zhang (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-13206) Delegation token cannot be fetched and used by different versions of client
Date Thu, 26 May 2016 21:53:12 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-13206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15303015#comment-15303015
] 

Yongjun Zhang commented on HADOOP-13206:
----------------------------------------

Hi [~zhz],

Thanks for the new rev.

Some questions and comments:

{code}
60	          try {
61	            serviceMatch = NetUtils.createSocketAddr(token.getService().toString()).
62	                equals(NetUtils.createSocketAddr(service.toString()));
63	          } catch (IllegalArgumentException e) {
64	            SecurityUtil.LOG.debug("service " + service + " or token service " +
65	                token.getService() + " is not in host:port format.");
66	          }
{code}
1. Do we expect the <host> to be either host name or ip address, or only host name is
allowed?
2. Do we intend to support both hostname and ip address formats here? Based on my read of
the jira description, seems we intend to support both
3. Is the msg level DEBUG sufficient? I guess we might see too many messages if we change
it to WARN? 
4. Suggest to do
{code}
64	            SecurityUtil.LOG.<xyz>("service " + service + " or token service " +
65	                token.getService() + " is not in host:port format.", e);
{code}

Thanks.


> Delegation token cannot be fetched and used by different versions of client
> ---------------------------------------------------------------------------
>
>                 Key: HADOOP-13206
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13206
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.3.0, 2.6.1
>            Reporter: Zhe Zhang
>            Assignee: Zhe Zhang
>         Attachments: HADOOP-13206.00.patch, HADOOP-13206.01.patch
>
>
> We have observed that an HDFS delegation token fetched by a 2.3.0 client cannot be used
by a 2.6.1 client, and vice versa. Through some debugging I found that it's a mismatch between
the token's {{service}} and the {{service}} of the filesystem (e.g. {{webhdfs://host.something.com:50070/}}).
One would be in numerical IP address and one would be in non-numerical hostname format.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message