Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-6632

Support for using different Kerberos keys for different instances of Hadoop services

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 0.22.0
    • None
    • None

    Description

      We tested using the same Kerberos key for all datanodes in a HDFS cluster or the same Kerberos key for all TaskTarckers in a MapRed cluster. But it doesn't work. The reason is that when datanodes try to authenticate to the namenode all at once, the Kerberos authenticators they send to the namenode may have the same timestamp and will be rejected as replay requests. This JIRA makes it possible to use a unique key for each service instance.

      Attachments

        1. 6632.mr.patch
          2 kB
          Devaraj Das
        2. c6632-05.patch
          19 kB
          Kan Zhang
        3. c6632-07.patch
          19 kB
          Kan Zhang
        4. HADOOP-6632-Y20S-18.patch
          40 kB
          Kan Zhang
        5. HADOOP-6632-Y20S-22.patch
          47 kB
          Jitendra Nath Pandey

        Issue Links

          Activity

            People

              kzhang Kan Zhang
              kzhang Kan Zhang
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: