Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-10786

Fix UGI#reloginFromKeytab on Java 8

Log workAgile BoardRank to TopRank to BottomAttach filesAttach ScreenshotBulk Copy AttachmentsBulk Move AttachmentsVotersWatch issueWatchersCreate sub-taskConvert to sub-taskMoveLinkCloneLabelsUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Reviewed

    Description

      Krb5LoginModule changed subtly in java 8: in particular, if useKeyTab and storeKey are specified, then only a KeyTab object is added to the Subject's private credentials, whereas in java <= 7 both a KeyTab and some number of KerberosKey objects were added.

      The UGI constructor checks whether or not a keytab was used to login by looking if there are any KerberosKey objects in the Subject's private credentials. If there are, then isKeyTab is set to true, and otherwise it's set to false.

      Thus, in java 8 isKeyTab is always false given the current UGI implementation, which makes UGI#reloginFromKeytab fail silently.

      Attached patch will check for a KeyTab object on the Subject, instead of a KerberosKey object. This fixes relogins from kerberos keytabs on Oracle java 8, and works on Oracle java 7 as well.

      Attachments

        1. HADOOP-10786.5.patch
          7 kB
          Stephen Chu
        2. HADOOP-10786.4.patch
          7 kB
          Stephen Chu
        3. HADOOP-10786.3.patch
          7 kB
          Stephen Chu
        4. HADOOP-10786.3.patch
          7 kB
          Stephen Chu
        5. HADOOP-10786.2.patch
          7 kB
          Stephen Chu
        6. HADOOP-10786.patch
          1 kB
          Tobi Knaup

        Issue Links

        depends upon

        Bug - A problem which impairs or prevents the functions of the product. HADOOP-10963 Move compile-time dependency to JDK7

        • Major - Major loss of function.
        • Closed
        is related to

        Bug - A problem which impairs or prevents the functions of the product. SLIDER-1010 SliderAM rejecting launch in a secure cluster —claims user not on a keytab

        • Major - Major loss of function.
        • Resolved
        relates to

        Bug - A problem which impairs or prevents the functions of the product. HADOOP-11287 Simplify UGI#reloginFromKeytab for Java 7+

        • Major - Major loss of function.
        • Closed

        New Feature - A new feature of the product, which has yet to be developed. HADOOP-11090 [Umbrella] Support Java 8 in Hadoop

        • Major - Major loss of function.
        • Resolved

        Umbrella - An overarching type made of sub-tasks HBASE-7608 Considering Java 8

        • Trivial - Cosmetic problem like misspelt words or misaligned text.
        • Closed

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            schu Stephen Chu Assign to me
            Tobi19 Tobi Vollebregt
            Votes:
            1 Vote for this issue
            Watchers:
            30 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment