[MAPREDUCE-3849] Change TokenCache's reading of the binary token file - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 0.23.1, 2.0.0-alpha
Fix Version/s: 0.23.2
Component/s: security
Labels:
None

Target Version/s:

0.23.0

Description

When obtaining the tokens for a FileSystem, the TokenCache will read the binary token file if a token is not already in the Credentials. However, it will overwrite any existing tokens in the Credentials with the contents of the binary token file if a single token is missing. This may cause new tokens to be replaced with invalid/cancelled tokens from the binary file. The new tokens will not be canceled, and thus "leak" in the namenode until they expire.

The binary tokens should be merged with, but not replace, existing tokens in the Credentials.

The code that reads the binary token file is prefaced with:

//TODO: Need to come up with a better place to put
//this block of code to do with reading the file

Also, the loading of the binary token file is the only reason that the TokenCache has to use getCanonicalService. If this linkage can be broken, then the 1-to-1 filesystem to token service coupling may be removed. And use of getCanonicalService can be removed in a subsequent jira.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

MAPREDUCE-3849.patch
10/Feb/12 19:04
2 kB
Daryn Sharp
MAPREDUCE-3849-2.patch
14/Feb/12 21:39
8 kB
Daryn Sharp

Issue Links

depends upon

HADOOP-8048 Allow merging of Credentials

Resolved

is related to

MAPREDUCE-3825 MR should not be getting duplicate tokens for a MR Job.

Resolved

Activity

People

Assignee:: Daryn Sharp

Reporter:: Daryn Sharp

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 10/Feb/12 18:55

Updated:: 10/Mar/15 04:32

Resolved:: 16/Feb/12 17:57