Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-9969

TGT expiration doesn't trigger Kerberos relogin

    Details

    • Type: Bug
    • Status: Patch Available
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 2.1.0-beta, 2.5.0, 2.5.2, 2.6.0, 2.6.1, 2.8.0, 2.7.1, 2.6.2, 2.6.3
    • Fix Version/s: None
    • Component/s: ipc, security
    • Labels:
      None
    • Environment:

      IBM JDK7

      Description

      In HADOOP-9698 & HADOOP-9850, RPC client and Sasl client have been changed to respect the auth method advertised from server, instead of blindly attempting the configured one at client side. However, when TGT has expired, an exception will be thrown from SaslRpcClient#createSaslClient(SaslAuth authType), and at this time the authMethod still holds the initial value which is SIMPLE and never has a chance to be updated with the expected one requested by server, so kerberos relogin will not happen.

        Attachments

        1. JobTracker.log
          35 kB
          Yu Gao
        2. HADOOP-9969.patch
          1.0 kB
          Yu Gao

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              crystal_gaoyu Yu Gao
            • Votes:
              3 Vote for this issue
              Watchers:
              19 Start watching this issue

              Dates

              • Created:
                Updated: