Daryn Sharp created HADOOP-9850:
-----------------------------------
Summary: RPC kerberos errors don't trigger relogin
Key: HADOOP-9850
URL: https://issues.apache.org/jira/browse/HADOOP-9850
Project: Hadoop Common
Issue Type: Bug
Components: ipc
Affects Versions: 3.0.0, 2.1.0-beta
Reporter: Daryn Sharp
Assignee: Daryn Sharp
Priority: Blocker
Hadoop auto-renews a ticket cache TGT. However, a TGT acquired via keytab is
just allowed to expire. To compensate, any exception during a kerberos RPC
connection triggers a relogin.
Prior to HADOOP-9698, the RPC client "knew" the SASL client was attempting
authMethod kerberos. Now the SASL client negotiates and returns the authMethod
to the RPC Client. When an exception occurs, such as TGT expired, the Client
doesn't know what the SASL client was attempting so no relogin is attempted.
After 24 hours, keytab based services that act as clients (ex. RM for token
renewal) go dead.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
