hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joey Echeverria (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-2386) with security enabled fsck calls lead to handshake_failure and hftp fails throwing the same exception in the logs
Date Mon, 19 Mar 2012 20:35:39 GMT

    [ https://issues.apache.org/jira/browse/HDFS-2386?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13232875#comment-13232875
] 

Joey Echeverria commented on HDFS-2386:
---------------------------------------

>From testing I've been doing it looks like KSSL won't work without at least one of the
DES encryption types enabled (e.g. DES_CBC_CRC). This looks like it's caused by a bug in the
JDK. Basically, AES and RC4 don't pad unless they encrypt a message which is not a multiple
of a block. However, the JDK is assuming that the PreMasterSecret will be padded and assumes
that the last byte in the decrypted secret is the length of the padding. When using AES or
RC4, this ends up being a random byte and usually will cause the JDK to end up with an invalid
PreMasterSecret. In defense of this, the JDK generates a random secret that then caused the
handshake to fail later on. I need to do some more testing with another version of Kerberos,
but I plan on filing a JDK bug.
                
> with security enabled fsck calls lead to handshake_failure and hftp fails throwing the
same exception in the logs
> -----------------------------------------------------------------------------------------------------------------
>
>                 Key: HDFS-2386
>                 URL: https://issues.apache.org/jira/browse/HDFS-2386
>             Project: Hadoop HDFS
>          Issue Type: Bug
>    Affects Versions: 0.20.205.0
>            Reporter: Arpit Gupta
>


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message