Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-6632

Support for using different Kerberos keys for different instances of Hadoop services

VotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.22.0
    • Component/s: None
    • Labels:
      None

      Description

      We tested using the same Kerberos key for all datanodes in a HDFS cluster or the same Kerberos key for all TaskTarckers in a MapRed cluster. But it doesn't work. The reason is that when datanodes try to authenticate to the namenode all at once, the Kerberos authenticators they send to the namenode may have the same timestamp and will be rejected as replay requests. This JIRA makes it possible to use a unique key for each service instance.

        Attachments

        1. HADOOP-6632-Y20S-18.patch
          40 kB
          Kan Zhang
        2. HADOOP-6632-Y20S-22.patch
          47 kB
          Jitendra Nath Pandey
        3. 6632.mr.patch
          2 kB
          Devaraj Das
        4. c6632-05.patch
          19 kB
          Kan Zhang
        5. c6632-07.patch
          19 kB
          Kan Zhang

        Issue Links

          Activity

            People

            • Assignee:
              kzhang Kan Zhang
              Reporter:
              kzhang Kan Zhang

              Dates

              • Created:
                Updated:
                Resolved:

                Issue deployment