[
https://issues.apache.org/jira/browse/HADOOP-6632?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12894192#action_12894192
]
Todd Lipcon commented on HADOOP-6632:
-------------------------------------
Thanks, Deveraj. That makes sense.
> Support for using different Kerberos keys for different instances of Hadoop
> services
> ------------------------------------------------------------------------------------
>
> Key: HADOOP-6632
> URL: https://issues.apache.org/jira/browse/HADOOP-6632
> Project: Hadoop Common
> Issue Type: Improvement
> Reporter: Kan Zhang
> Assignee: Kan Zhang
> Fix For: 0.22.0
>
> Attachments: 6632.mr.patch, c6632-05.patch, c6632-07.patch,
> HADOOP-6632-Y20S-18.patch, HADOOP-6632-Y20S-22.patch
>
>
> We tested using the same Kerberos key for all datanodes in an HDFS cluster or
> the same Kerberos key for all TaskTrackers in a MapRed cluster. But it
> doesn't work. The reason is that when datanodes try to authenticate to the
> namenode all at once, the Kerberos authenticators they send to the namenode
> may have the same timestamp and will be rejected as replay requests. This
> JIRA makes it possible to use a unique key for each service instance.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
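
The failure described in the issue text can be reproduced with a small model of a server-side replay cache. This is an added example, not code from the issue or its patches; the principal names, host names and timestamps are constructed, and the cache is a simplified model keyed on client principal, server principal and authenticator timestamp.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Authenticator:
    client: str  # client principal the authenticator was issued under
    ctime: int   # client timestamp, seconds
    cusec: int   # client timestamp, microsecond part

class ReplayCache:
    """Simplified replay cache kept by the service (here, the namenode)."""
    def __init__(self, server, max_skew=300):
        self.server = server
        self.max_skew = max_skew
        self.seen = {}  # (client, server, ctime, cusec) -> ctime

    def accept(self, auth, now):
        # Forget entries that have aged out of the clock-skew window.
        self.seen = {k: t for k, t in self.seen.items()
                     if now - t <= self.max_skew}
        if abs(now - auth.ctime) > self.max_skew:
            return False  # outside the allowed clock skew
        key = (auth.client, self.server, auth.ctime, auth.cusec)
        if key in self.seen:
            return False  # same principal and timestamp: treated as a replay
        self.seen[key] = auth.ctime
        return True

def shared_principal(host):
    return "dn@EXAMPLE.COM"          # constructed: one key for all datanodes

def per_host_principal(host):
    return f"dn/{host}@EXAMPLE.COM"  # constructed: unique key per instance

def simulate_startup(principal_for, hosts, stamps, now):
    """Return the hosts whose authenticators the namenode rejects."""
    cache = ReplayCache("nn/namenode.example.com@EXAMPLE.COM")
    rejected = []
    for host, (ctime, cusec) in zip(hosts, stamps):
        auth = Authenticator(principal_for(host), ctime, cusec)
        if not cache.accept(auth, now):
            rejected.append(host)
    return rejected

# Constructed sample: four datanodes start together; three share a timestamp.
HOSTS = ["dn1.example.com", "dn2.example.com",
         "dn3.example.com", "dn4.example.com"]
STAMPS = [(1000, 250000), (1000, 250000), (1000, 251000), (1000, 250000)]

if __name__ == "__main__":
    print("shared key  :", simulate_startup(shared_principal, HOSTS, STAMPS, 1000))
    print("per-host key:", simulate_startup(per_host_principal, HOSTS, STAMPS, 1000))
```

With a shared principal the second and fourth datanodes are rejected even though nothing was replayed; with one principal per instance the same timestamps no longer collide.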