Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-6632

Support for using different Kerberos keys for different instances of Hadoop services

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.22.0
    • Component/s: None
    • Labels:
      None

      Description

      We tested using the same Kerberos key for all datanodes in a HDFS cluster or the same Kerberos key for all TaskTarckers in a MapRed cluster. But it doesn't work. The reason is that when datanodes try to authenticate to the namenode all at once, the Kerberos authenticators they send to the namenode may have the same timestamp and will be rejected as replay requests. This JIRA makes it possible to use a unique key for each service instance.

        Attachments

        1. 6632.mr.patch
          2 kB
          Devaraj Das
        2. c6632-05.patch
          19 kB
          Kan Zhang
        3. c6632-07.patch
          19 kB
          Kan Zhang
        4. HADOOP-6632-Y20S-18.patch
          40 kB
          Kan Zhang
        5. HADOOP-6632-Y20S-22.patch
          47 kB
          Jitendra Nath Pandey

          Issue Links

            Activity

              People

              • Assignee:
                kzhang Kan Zhang
                Reporter:
                kzhang Kan Zhang
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: