Hadoop Common
  1. Hadoop Common
  2. HADOOP-6632

Support for using different Kerberos keys for different instances of Hadoop services

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.22.0
    • Component/s: None
    • Labels:
      None

      Description

      We tested using the same Kerberos key for all datanodes in a HDFS cluster or the same Kerberos key for all TaskTarckers in a MapRed cluster. But it doesn't work. The reason is that when datanodes try to authenticate to the namenode all at once, the Kerberos authenticators they send to the namenode may have the same timestamp and will be rejected as replay requests. This JIRA makes it possible to use a unique key for each service instance.

      1. HADOOP-6632-Y20S-18.patch
        40 kB
        Kan Zhang
      2. HADOOP-6632-Y20S-22.patch
        47 kB
        Jitendra Nath Pandey
      3. 6632.mr.patch
        2 kB
        Devaraj Das
      4. c6632-05.patch
        19 kB
        Kan Zhang
      5. c6632-07.patch
        19 kB
        Kan Zhang

        Issue Links

          Activity

            People

            • Assignee:
              Kan Zhang
              Reporter:
              Kan Zhang
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development