[
https://issues.apache.org/jira/browse/HADOOP-6632?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12894170#action_12894170
]
Devaraj Das commented on HADOOP-6632:
-------------------------------------
Yes this was intentional. The mr patch seemed like a hack and that's why we
didn't commit it to trunk, and instead raised MAPREDUCE-1824 to discuss that...
BTW, the problem which the mr patch attempted to address would be significantly
less once we have HADOOP-6706 committed that does retries in case of failures
due to the false replay attack detection by the rpc servers. MAPREDUCE-1824
takes a low priority..
> Support for using different Kerberos keys for different instances of Hadoop
> services
> ------------------------------------------------------------------------------------
>
> Key: HADOOP-6632
> URL: https://issues.apache.org/jira/browse/HADOOP-6632
> Project: Hadoop Common
> Issue Type: Improvement
> Reporter: Kan Zhang
> Assignee: Kan Zhang
> Fix For: 0.22.0
>
> Attachments: 6632.mr.patch, c6632-05.patch, c6632-07.patch,
> HADOOP-6632-Y20S-18.patch, HADOOP-6632-Y20S-22.patch
>
>
> We tested using the same Kerberos key for all datanodes in a HDFS cluster or
> the same Kerberos key for all TaskTarckers in a MapRed cluster. But it
> doesn't work. The reason is that when datanodes try to authenticate to the
> namenode all at once, the Kerberos authenticators they send to the namenode
> may have the same timestamp and will be rejected as replay requests. This
> JIRA makes it possible to use a unique key for each service instance.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
