[
https://issues.apache.org/jira/browse/HADOOP-9888?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15085705#comment-15085705
]
Dmytro Kabakchei commented on HADOOP-9888:
------------------------------------------
I've finished reviewing of what changes refactoring proposed by Kai Zheng would
require.
It requires changes to KerberosUtil, KerberosName, HadoopKerberosName,
RegistrySecurity classes and some tests. Although such changes are possible,
but solutions to resolve exceptions handing logic for those classes are very
ugly. I'm afraid that such refactoring would bring some overhead and make code
very ugly.
Nevertheless, DNS lookup stays as it was, but now it is skipped for non-secure
deployments.
Somebody, please, review the patch and approve or reject it with explanation.
> KerberosName static initialization gets default realm, which is unneeded in
> non-secure deployment.
> --------------------------------------------------------------------------------------------------
>
> Key: HADOOP-9888
> URL: https://issues.apache.org/jira/browse/HADOOP-9888
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 2.1.1-beta, 3.0.0
> Reporter: Chris Nauroth
> Assignee: Dmytro Kabakchei
> Attachments: HADOOP-9888.001.patch
>
>
> {{KerberosName}} has a static initialization block that looks up the default
> realm. Running with Oracle JDK7, this code path triggers a DNS query. In
> some environments, we've seen this DNS query block and time out after 30
> seconds. This is part of static initialization, and the class is referenced
> from {{UserGroupInformation#initialize}}, so every daemon and every shell
> command experiences this delay. This occurs even for non-secure deployments,
> which don't need the default realm.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
