[jira] [Commented] (HADOOP-13206) Delegation token cannot be fetched and used by different versions of client

Thu, 26 May 2016 14:54:06 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-13206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15303015#comment-15303015
 ] 

Yongjun Zhang commented on HADOOP-13206:
----------------------------------------

Hi [~zhz],

Thanks for the new rev.

Some questions and comments:

{code}
60                try {
61                  serviceMatch = 
NetUtils.createSocketAddr(token.getService().toString()).
62                      equals(NetUtils.createSocketAddr(service.toString()));
63                } catch (IllegalArgumentException e) {
64                  SecurityUtil.LOG.debug("service " + service + " or token 
service " +
65                      token.getService() + " is not in host:port format.");
66                }
{code}
1. Do we expect the <host> to be either host name or ip address, or only host 
name is allowed?
2. Do we intend to support both hostname and ip address formats here? Based on 
my read of the jira description, seems we intend to support both
3. Is the msg level DEBUG sufficient? I guess we might see too many messages if 
we change it to WARN? 
4. Suggest to do
{code}
64                  SecurityUtil.LOG.<xyz>("service " + service + " or token 
service " +
65                      token.getService() + " is not in host:port format.", e);
{code}

Thanks.


> Delegation token cannot be fetched and used by different versions of client
> ---------------------------------------------------------------------------
>
>                 Key: HADOOP-13206
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13206
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.3.0, 2.6.1
>            Reporter: Zhe Zhang
>            Assignee: Zhe Zhang
>         Attachments: HADOOP-13206.00.patch, HADOOP-13206.01.patch
>
>
> We have observed that an HDFS delegation token fetched by a 2.3.0 client 
> cannot be used by a 2.6.1 client, and vice versa. Through some debugging I 
> found that it's a mismatch between the token's {{service}} and the 
> {{service}} of the filesystem (e.g. {{webhdfs://host.something.com:50070/}}). 
> One would be in numerical IP address and one would be in non-numerical 
> hostname format.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to