[KNOX-598] Concurrent JDBC clients via KNOX to Kerberized HiveServer2 causes HTTP 401 error (due to Kerberos Replay attack error) - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Blocker
Resolution: Fixed
Affects Version/s: 0.4.0
Fix Version/s: 0.7.0
Component/s: Server
Labels:
None

Description

In high concurrency scenarios the same Knox service principal can ended up requesting two service tickets for HiveServer2's HTTP service principal within the same microsecond. This is being detected on the HiveServer2 side as a replay attack. The fix is to include some concurrency controls in Knox to ensure that this cannot occur. This will introduce some minor serialization but this seems unavoidable.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

KNOX-598_001.patch
14/Sep/15 14:43
7 kB
Kevin Minder

Activity

People

Assignee:: Unassigned

Reporter:: Kevin Minder

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 14/Sep/15 13:55

Updated:: 28/Mar/19 14:15

Resolved:: 14/Sep/15 19:39