Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-9969

TGT expiration doesn't trigger Kerberos relogin

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Patch Available
    • Major
    • Resolution: Unresolved
    • 2.1.0-beta, 2.5.0, 2.5.2, 2.6.0, 2.6.1, 2.8.0, 2.7.1, 2.6.2, 2.6.3
    • None
    • ipc, security
    • None
    • IBM JDK7

    Description

      In HADOOP-9698 & HADOOP-9850, RPC client and Sasl client have been changed to respect the auth method advertised from server, instead of blindly attempting the configured one at client side. However, when TGT has expired, an exception will be thrown from SaslRpcClient#createSaslClient(SaslAuth authType), and at this time the authMethod still holds the initial value which is SIMPLE and never has a chance to be updated with the expected one requested by server, so kerberos relogin will not happen.

      Attachments

        1. HADOOP-9969.patch
          1.0 kB
          Yu Gao
        2. JobTracker.log
          35 kB
          Yu Gao

        Activity

          People

            Unassigned Unassigned
            crystal_gaoyu Yu Gao
            Votes:
            3 Vote for this issue
            Watchers:
            19 Start watching this issue

            Dates

              Created:
              Updated: