[
https://issues.apache.org/jira/browse/HADOOP-9969?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15139596#comment-15139596
]
Greg Senia commented on HADOOP-9969:
------------------------------------
[~daryn] I have reached out to IBM JDK Security team to try to get info on if
IBM is doing it correctly.. I patched my HDP build from HWX and it seems to
solve the issues.. But waiting to hear from IBM JDK folks... Any other info on
plans to integrate this into the Core Hadoop build would be great..
thanks
> TGT expiration doesn't trigger Kerberos relogin
> -----------------------------------------------
>
> Key: HADOOP-9969
> URL: https://issues.apache.org/jira/browse/HADOOP-9969
> Project: Hadoop Common
> Issue Type: Bug
> Components: ipc, security
> Affects Versions: 2.1.0-beta, 2.5.0, 2.5.2, 2.6.0, 2.6.1, 2.8.0, 2.7.1,
> 2.6.2, 2.6.3
> Environment: IBM JDK7
> Reporter: Yu Gao
> Attachments: HADOOP-9969.patch, JobTracker.log
>
>
> In HADOOP-9698 & HADOOP-9850, RPC client and Sasl client have been changed to
> respect the auth method advertised from server, instead of blindly attempting
> the configured one at client side. However, when TGT has expired, an
> exception will be thrown from SaslRpcClient#createSaslClient(SaslAuth
> authType), and at this time the authMethod still holds the initial value
> which is SIMPLE and never has a chance to be updated with the expected one
> requested by server, so kerberos relogin will not happen.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
