[
https://issues.apache.org/jira/browse/HADOOP-12787?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Xiaoyu Yao updated HADOOP-12787:
--------------------------------
Attachment: HADOOP-12878.02.patch
Thanks [~jnp] for the review! Patch v02 removes the redundant exception
handling code. I've manually test the patch with both curl and distcp that
access Kerberos enabled encryption zone and verified it fix the original
problem.
Unit test is not added here as it relies on MiniKMS which currently does not
support Kerberos. That's part of the reason why we did not see this for a long
time even though we have unit tests that cover webhdfs, KMS, encryption zone
but without Kerberos. I will open a separate ticket for supporting Kerberos in
MiniKMS.
> KMS SPNEGO sequence does not work with WEBHDFS
> ----------------------------------------------
>
> Key: HADOOP-12787
> URL: https://issues.apache.org/jira/browse/HADOOP-12787
> Project: Hadoop Common
> Issue Type: Bug
> Components: kms, security
> Affects Versions: 2.6.3
> Reporter: Xiaoyu Yao
> Assignee: Xiaoyu Yao
> Attachments: HADOOP-12878.00.patch, HADOOP-12878.01.patch,
> HADOOP-12878.02.patch
>
>
> This was a follow up of my
> [comments|https://issues.apache.org/jira/browse/HADOOP-12559?focusedCommentId=15059045&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-15059045]
> for HADOOP-10698.
> It blocks a delegation token based user (MR) using WEBHDFS to access KMS
> server for encrypted files. This might work in many cases before as JDK 7 has
> been aggressively do SPENGO implicitly. However, this is not the case in JDK
> 8 as we have seen many failures when using WEBHDFS with KMS and HDFS
> encryption zone.
>
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
