Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-10070

RPC client doesn't use per-connection conf to determine server's expected Kerberos principal name

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.2.0
    • Fix Version/s: 2.4.0
    • Component/s: security
    • Labels:
      None
    • Target Version/s:
    • Hadoop Flags:
      Reviewed

      Description

      Currently, RPC client caches the Configuration object that was passed in to its constructor and uses that same conf for every connection it sets up thereafter. This can cause problems when security is enabled if the Configuration object provided when the first RPC connection was made does not contain all possible entries for all server principals that will later be used by subsequent connections. When this happens, it will result in later RPC connections incorrectly failing with the error "Failed to specify server's Kerberos principal name" even though the principal name was specified in the Configuration object provided on later RPC connection attempts.

      I believe this means that we've inadvertently reintroduced HADOOP-6907.

        Attachments

        1. HADOOP-10070.patch
          7 kB
          Aaron Myers
        2. HADOOP-10070.patch
          5 kB
          Aaron Myers
        3. TestKerberosClient.java
          2 kB
          Aaron Myers

          Activity

            People

            • Assignee:
              atm Aaron Myers
              Reporter:
              atm Aaron Myers
            • Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: