Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-6632

Support for using different Kerberos keys for different instances of Hadoop services

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 0.22.0
    • None
    • None

    Description

      We tested using the same Kerberos key for all datanodes in a HDFS cluster or the same Kerberos key for all TaskTarckers in a MapRed cluster. But it doesn't work. The reason is that when datanodes try to authenticate to the namenode all at once, the Kerberos authenticators they send to the namenode may have the same timestamp and will be rejected as replay requests. This JIRA makes it possible to use a unique key for each service instance.

      Attachments

        1. HADOOP-6632-Y20S-18.patch
          40 kB
          Kan Zhang
        2. HADOOP-6632-Y20S-22.patch
          47 kB
          Jitendra Nath Pandey
        3. 6632.mr.patch
          2 kB
          Devaraj Das
        4. c6632-05.patch
          19 kB
          Kan Zhang
        5. c6632-07.patch
          19 kB
          Kan Zhang

        Issue Links

          blocks

          Improvement - An improvement or enhancement to an existing feature or task. HDFS-1201 Support for using different Kerberos keys for Namenode and datanode.

          • Major - Major loss of function.
          • Closed
          incorporates

          Improvement - An improvement or enhancement to an existing feature or task. MAPREDUCE-1945 Support for using different Kerberos keys for Jobtracker and TaskTrackers

          • Major - Major loss of function.
          • Closed

          Activity

            People

              kzhang Kan Zhang
              kzhang Kan Zhang
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: