Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-9850

RPC kerberos errors don't trigger relogin

VotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Blocker
    • Resolution: Fixed
    • 2.1.0-beta, 3.0.0-alpha1
    • 2.1.0-beta
    • ipc
    • None
    • Reviewed

    Description

      Hadoop auto-renews a ticket cache TGT. However, a TGT acquired via keytab is just allowed to expire. To compensate, any exception during a kerberos RPC connection triggers a relogin.

      Prior to HADOOP-9698, the RPC client "knew" the SASL client was attempting authMethod kerberos. Now the SASL client negotiates and returns the authMethod to the RPC Client. When an exception occurs, such as TGT expired, the Client doesn't know what the SASL client was attempting so no relogin is attempted. After 24 hours, keytab based services that act as clients (ex. RM for token renewal) go dead.

      Attachments

        1. HADOOP-9850.patch
          3 kB
          Daryn Sharp

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            daryn Daryn Sharp
            daryn Daryn Sharp
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment