[
https://issues.apache.org/jira/browse/HADOOP-14687?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16101661#comment-16101661
]
Daryn Sharp commented on HADOOP-14687:
--------------------------------------
This issue has caused RMs to congest sending events to the ATS. Fields in the
ATS contain nulls until the congested event is posted – sometimes minutes, or
even hours later under heavier load.
> AuthenticatedURL will reuse bad/expired session cookies
> -------------------------------------------------------
>
> Key: HADOOP-14687
> URL: https://issues.apache.org/jira/browse/HADOOP-14687
> Project: Hadoop Common
> Issue Type: Bug
> Components: common
> Affects Versions: 2.6.0
> Reporter: Daryn Sharp
> Assignee: Daryn Sharp
> Priority: Critical
>
> AuthenticatedURL with kerberos was designed to perform spnego, then use a
> session cookie to avoid renegotiation overhead. Unfortunately the client
> will continue to use a cookie after it expires. Every request elicits a 401,
> connection closes (despite keepalive because 401 is an "error"), TGS is
> obtained, connection re-opened, re-requests with TGS, repeat cycle. This
> places a strain on the kdc and creates lots of time_wait sockets.
>
> The main problem is unbeknownst to the auth url, the JDK transparently does
> spnego. The server issues a new cookie but the auth url doesn't scrape the
> cookie from the response because it doesn't know the JDK re-authenticated.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
