Hadoop Common
  1. Hadoop Common
  2. HADOOP-7215

RPC clients must connect over a network interface corresponding to the host name in the client's kerberos principal key

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Blocker Blocker
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.20.203.0, 0.21.1, 0.23.0
    • Component/s: security
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      HADOOP-7104 introduced a change where RPC server matches client's hostname with the hostname specified in the client's Kerberos principal name. RPC client binds the socket to a random local address, which might not match the hostname specified in the principal name. This results authorization failure of the client at the server.

      1. hadoop-7215-0.22.patch
        7 kB
        Benoy Antony
      2. HADOOP-7215.debug.patch
        8 kB
        Suresh Srinivas
      3. HADOOP-7215.debug.patch
        8 kB
        Suresh Srinivas
      4. HADOOP-7215.3.trunk.patch
        8 kB
        Suresh Srinivas
      5. HADOOP-7215.2xx.patch
        6 kB
        Suresh Srinivas
      6. HADOOP-7215.2.trunk.patch
        8 kB
        Suresh Srinivas
      7. HADOOP-7215.1.trunk.patch
        8 kB
        Suresh Srinivas

        Issue Links

          Activity

          Suresh Srinivas created issue -
          Suresh Srinivas made changes -
          Field Original Value New Value
          Attachment HADOOP-7215.203.patch [ 12475040 ]
          Suresh Srinivas made changes -
          Fix Version/s 0.20.204.0 [ 12316317 ]
          Suresh Srinivas made changes -
          Attachment HADOOP-7215.trunk.patch [ 12475044 ]
          Suresh Srinivas made changes -
          Attachment HADOOP-7215.203.patch [ 12475040 ]
          Suresh Srinivas made changes -
          Attachment HADOOP-7215.trunk.patch [ 12475044 ]
          Suresh Srinivas made changes -
          Attachment HADOOP-7215.trunk.patch [ 12475144 ]
          Suresh Srinivas made changes -
          Status Open [ 1 ] Patch Available [ 10002 ]
          Suresh Srinivas made changes -
          Attachment HADOOP-7215.1.trunk.patch [ 12475153 ]
          Suresh Srinivas made changes -
          Attachment HADOOP-7215.trunk.patch [ 12475144 ]
          Suresh Srinivas made changes -
          Attachment HADOOP-7215.debug.patch [ 12475156 ]
          Suresh Srinivas made changes -
          Attachment HADOOP-7215.2.trunk.patch [ 12475157 ]
          Suresh Srinivas made changes -
          Attachment HADOOP-7215.debug.patch [ 12475162 ]
          Suresh Srinivas made changes -
          Attachment HADOOP-7215.3.trunk.patch [ 12475167 ]
          Suresh Srinivas made changes -
          Priority Major [ 3 ] Blocker [ 1 ]
          Suresh Srinivas made changes -
          Link This issue is related to HADOOP-7104 [ HADOOP-7104 ]
          Suresh Srinivas made changes -
          Attachment HADOOP-7215.2xx.patch [ 12475249 ]
          Suresh Srinivas made changes -
          Status Patch Available [ 10002 ] Resolved [ 5 ]
          Hadoop Flags [Reviewed]
          Resolution Fixed [ 1 ]
          Owen O'Malley made changes -
          Status Resolved [ 5 ] Closed [ 6 ]
          Benoy Antony made changes -
          Link This issue is depended upon by HADOOP-8357 [ HADOOP-8357 ]
          Benoy Antony made changes -
          Attachment hadoop-7215-0.22.patch [ 12526263 ]
          Konstantin Shvachko made changes -
          Fix Version/s 0.21.1 [ 12315270 ]
          Eli Collins made changes -
          Description HDFS-7104 introduced a change where RPC server matches client's hostname with the hostname specified in the client's Kerberos principal name. RPC client binds the socket to a random local address, which might not match the hostname specified in the principal name. This results authorization failure of the client at the server. HADOOP-7104 introduced a change where RPC server matches client's hostname with the hostname specified in the client's Kerberos principal name. RPC client binds the socket to a random local address, which might not match the hostname specified in the principal name. This results authorization failure of the client at the server.

            People

            • Assignee:
              Suresh Srinivas
              Reporter:
              Suresh Srinivas
            • Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development