[
https://issues.apache.org/jira/browse/HADOOP-6632?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12890112#action_12890112
]
Hudson commented on HADOOP-6632:
--------------------------------
Integrated in Hadoop-Common-trunk-Commit #331 (See
[http://hudson.zones.apache.org/hudson/job/Hadoop-Common-trunk-Commit/331/])
HADOOP-6632. Adds support for using different keytabs for different servers
in a Hadoop cluster. In the earier implementation, all servers of a certain
type \(like TaskTracker\), would have the same keytab and the same principal.
Now the principal name is a pattern that has _HOST in it. Contributed by Kan
Zhang & Jitendra Pandey.
> Support for using different Kerberos keys for different instances of Hadoop
> services
> ------------------------------------------------------------------------------------
>
> Key: HADOOP-6632
> URL: https://issues.apache.org/jira/browse/HADOOP-6632
> Project: Hadoop Common
> Issue Type: Improvement
> Reporter: Kan Zhang
> Assignee: Kan Zhang
> Fix For: 0.22.0
>
> Attachments: 6632.mr.patch, c6632-05.patch, c6632-07.patch,
> HADOOP-6632-Y20S-18.patch, HADOOP-6632-Y20S-22.patch
>
>
> We tested using the same Kerberos key for all datanodes in a HDFS cluster or
> the same Kerberos key for all TaskTarckers in a MapRed cluster. But it
> doesn't work. The reason is that when datanodes try to authenticate to the
> namenode all at once, the Kerberos authenticators they send to the namenode
> may have the same timestamp and will be rejected as replay requests. This
> JIRA makes it possible to use a unique key for each service instance.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
