sun.security.krb5.KrbApReq was creating a static MD5 digest object and not synchronizing access. This has been fixed in jdk8u60.
http://hg.openjdk.java.net/jdk8u/jdk8u60/jdk/rev/02d6b1096e89 One of the visible symptom is RPC reader thread getting ArrayIndexOutOfBoundsException from sun.security.provider.DigestBase.engineUpdate. More concerning case is a reader operating on a wrong digest. Kihwal ________________________________ From: Jean-Baptiste Note <[email protected]> To: [email protected] Cc: "[email protected]" <[email protected]>; "[email protected]" <[email protected]>; dev <[email protected]>; "[email protected]" <[email protected]> Sent: Tuesday, October 13, 2015 5:00 AM Subject: Re: [DISCUSS] About the details of JDK-8 support Hi, As far as security is concerned we (Criteo) are using CDH5 with JDK8 in production with security enabled. We reported some gripes with some specific java versions: https://issues.cloudera.org/browse/DISTRO-732 I would bump the dependency to _u51 or later; _u40 _u45 do have a lot of problems with SPNEGO SSO. JB
