Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-6907

Rpc client doesn't use the per-connection conf to figure out server's Kerberos principal

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.20.203.0, 0.22.0
    • Component/s: ipc, security
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      Currently, RPC client caches the conf that was passed in to its constructor and uses that same conf (or values obtained from it) for every connection it sets up. This is not sufficient for security since each connection needs to figure out server's Kerberos principal on a per-connection basis. It's not reasonable to expect the first conf used by a user to contain all the Kerberos principals that her future connections will ever need. Or worse, if her first conf contains an incorrect principal name, it will prevent the user from connecting to the server even if she later on passes in a correct conf on retry (by calling RPC.getProxy()).

        Attachments

        1. c6907-Y20S.1xx.05.patch
          27 kB
          Kan Zhang
        2. c6907-18.patch
          28 kB
          Kan Zhang
        3. c6907-16.patch
          23 kB
          Kan Zhang
        4. c6907-15.patch
          23 kB
          Kan Zhang
        5. c6907-12.patch
          22 kB
          Kan Zhang

          Issue Links

            Activity

              People

              • Assignee:
                kzhang Kan Zhang
                Reporter:
                kzhang Kan Zhang
              • Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: