Uploaded image for project: 'Hadoop Map/Reduce'
  1. Hadoop Map/Reduce
  2. MAPREDUCE-3849

Change TokenCache's reading of the binary token file



    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 0.23.1, 2.0.0-alpha
    • 0.23.2
    • security
    • None


      When obtaining the tokens for a FileSystem, the TokenCache will read the binary token file if a token is not already in the Credentials. However, it will overwrite any existing tokens in the Credentials with the contents of the binary token file if a single token is missing. This may cause new tokens to be replaced with invalid/cancelled tokens from the binary file. The new tokens will not be canceled, and thus "leak" in the namenode until they expire.

      The binary tokens should be merged with, but not replace, existing tokens in the Credentials.

      The code that reads the binary token file is prefaced with:

      //TODO: Need to come up with a better place to put
      //this block of code to do with reading the file

      Also, the loading of the binary token file is the only reason that the TokenCache has to use getCanonicalService. If this linkage can be broken, then the 1-to-1 filesystem to token service coupling may be removed. And use of getCanonicalService can be removed in a subsequent jira.


        1. MAPREDUCE-3849.patch
          2 kB
          Daryn Sharp
        2. MAPREDUCE-3849-2.patch
          8 kB
          Daryn Sharp

        Issue Links



              daryn Daryn Sharp
              daryn Daryn Sharp
              0 Vote for this issue
              1 Start watching this issue