[
https://issues.apache.org/jira/browse/HADOOP-6907?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12903698#action_12903698
]
Hadoop QA commented on HADOOP-6907:
-----------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12453285/c6907-16.patch
against trunk revision 989999.
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 3 new or modified tests.
-1 javadoc. The javadoc tool appears to have generated 1 warning messages.
-1 javac. The applied patch generated 1025 javac compiler warnings (more
than the trunk's current 1017 warnings).
+1 findbugs. The patch does not introduce any new Findbugs warnings.
+1 release audit. The applied patch does not increase the total number of
release audit warnings.
+1 core tests. The patch passed core unit tests.
+1 contrib tests. The patch passed contrib unit tests.
Test results:
http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/664/testReport/
Findbugs warnings:
http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/664/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Checkstyle results:
http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/664/artifact/trunk/build/test/checkstyle-errors.html
Console output:
http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/664/console
This message is automatically generated.
> Rpc client doesn't use the per-connection conf to figure out server's
> Kerberos principal
> ----------------------------------------------------------------------------------------
>
> Key: HADOOP-6907
> URL: https://issues.apache.org/jira/browse/HADOOP-6907
> Project: Hadoop Common
> Issue Type: Bug
> Components: ipc, security
> Reporter: Kan Zhang
> Assignee: Kan Zhang
> Attachments: c6907-12.patch, c6907-15.patch, c6907-16.patch
>
>
> Currently, RPC client caches the conf that was passed in to its constructor
> and uses that same conf (or values obtained from it) for every connection it
> sets up. This is not sufficient for security since each connection needs to
> figure out server's Kerberos principal on a per-connection basis. It's not
> reasonable to expect the first conf used by a user to contain all the
> Kerberos principals that her future connections will ever need. Or worse, if
> her first conf contains an incorrect principal name, it will prevent the user
> from connecting to the server even if she later on passes in a correct conf
> on retry (by calling RPC.getProxy()).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
