[ https://issues.apache.org/jira/browse/HADOOP-7510?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13114809#comment-13114809 ]
Daryn Sharp commented on HADOOP-7510:
-------------------------------------
Good question. I had considered disabling the custom resolver based on use_ip,
but it provides additional benefits that I think may be useful in general. The
javadocs that I'm adding detail these differences from the standard resolver.
After I post the patch, you can help me decide if the resolver should be
conditionally enabled.
--
I don't want to belabor the {{getCanonicalServiceName}} issue either. I
completely agree that the method is poorly named (although it does contain
"Service" in its name) and the javadocs are wrong. However, if there is any
confusion: I did not implement this method and it has existed for quite a while.
Since this is a sustaining release, I feel more comfortable leaving it as it
was for now.
The {{TokenCache}} uses the return value to "assume" it knows how the
{{Credentials}} is keying the tokens. {{Credentials}} doesn't even use the
method. This false coupling appears to be the only reason the method exists.
My renewal patch contained a number of beneficial improvements, including one
that negates the need for the {{TokenCache}} to have any intimate knowledge of the
internal implementation of {{Credentials}}. I'll file a jira against trunk to
discuss correcting this behavior, in which case the {{getCanonicalServiceName}}
method need not even exist...
> Tokens should use original hostname provided instead of ip
> ----------------------------------------------------------
>
> Key: HADOOP-7510
> URL: https://issues.apache.org/jira/browse/HADOOP-7510
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Reporter: Daryn Sharp
> Assignee: Daryn Sharp
> Fix For: 0.20.205.0
>
> Attachments: HADOOP-7510-10.patch, HADOOP-7510-2.patch,
> HADOOP-7510-3.patch, HADOOP-7510-4.patch, HADOOP-7510-5.patch,
> HADOOP-7510-6.patch, HADOOP-7510-8.patch, HADOOP-7510-9.patch,
> HADOOP-7510.patch
>
>
> Tokens currently store the ip:port of the remote server. This precludes
> tokens from being used after a host's ip is changed. Tokens should store the
> hostname used to make the RPC connection. This will enable new processes to
> use their existing tokens.