Hadoop Map/Reduce
  1. Hadoop Map/Reduce
  2. MAPREDUCE-3849

Change TokenCache's reading of the binary token file

    Details

    • Type: Improvement Improvement
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 0.23.1, 2.0.0-alpha
    • Fix Version/s: 0.23.2
    • Component/s: security
    • Labels:
      None

      Description

      When obtaining the tokens for a FileSystem, the TokenCache will read the binary token file if a token is not already in the Credentials. However, it will overwrite any existing tokens in the Credentials with the contents of the binary token file if a single token is missing. This may cause new tokens to be replaced with invalid/cancelled tokens from the binary file. The new tokens will not be canceled, and thus "leak" in the namenode until they expire.

      The binary tokens should be merged with, but not replace, existing tokens in the Credentials.

      The code that reads the binary token file is prefaced with:

      //TODO: Need to come up with a better place to put
      //this block of code to do with reading the file
      

      Also, the loading of the binary token file is the only reason that the TokenCache has to use getCanonicalService. If this linkage can be broken, then the 1-to-1 filesystem to token service coupling may be removed. And use of getCanonicalService can be removed in a subsequent jira.

      1. MAPREDUCE-3849-2.patch
        8 kB
        Daryn Sharp
      2. MAPREDUCE-3849.patch
        2 kB
        Daryn Sharp

        Issue Links

          Activity

          No work has yet been logged on this issue.

            People

            • Assignee:
              Daryn Sharp
              Reporter:
              Daryn Sharp
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development