[
https://issues.apache.org/jira/browse/HADOOP-6632?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kan Zhang updated HADOOP-6632:
------------------------------
Attachment: c6632-07.patch
Uploading a new patch that simply merges with latest trunk changes. No semantic
change from previous patch.
> Support for using different Kerberos keys for different instances of Hadoop
> services
> ------------------------------------------------------------------------------------
>
> Key: HADOOP-6632
> URL: https://issues.apache.org/jira/browse/HADOOP-6632
> Project: Hadoop Common
> Issue Type: Improvement
> Reporter: Kan Zhang
> Assignee: Kan Zhang
> Attachments: 6632.mr.patch, c6632-05.patch, c6632-07.patch,
> HADOOP-6632-Y20S-18.patch, HADOOP-6632-Y20S-22.patch
>
>
> We tested using the same Kerberos key for all datanodes in a HDFS cluster or
> the same Kerberos key for all TaskTarckers in a MapRed cluster. But it
> doesn't work. The reason is that when datanodes try to authenticate to the
> namenode all at once, the Kerberos authenticators they send to the namenode
> may have the same timestamp and will be rejected as replay requests. This
> JIRA makes it possible to use a unique key for each service instance.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
