[jira] [Commented] (HADOOP-18581) Handle Server KDC re-login when Server and Client run in same JVM.

Tue, 03 Jan 2023 16:00:17 -0800 


    [ 
https://issues.apache.org/jira/browse/HADOOP-18581?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17654213#comment-17654213
 ] 

ASF GitHub Bot commented on HADOOP-18581:
-----------------------------------------

liuml07 commented on PR #5248:
URL: https://github.com/apache/hadoop/pull/5248#issuecomment-1370342353

   It has been a while since last time I check the security code. My 
understanding fades away as security is complex and risky. Consider my comments 
non-binding here.
   
   It makes sense to have to force re-login for addressing the issue.
   1. Is it possible to figure out some unit tests (not necessarily NN+JN case) 
for Server and/or UGI? Even the current code change is straightforward, it may 
be broken by mistake or misunderstanding in future.
   2. Do we need `Server#canTryForceLogin` to be thread-safe for multiple 
connections?
   3. Is it clear to extract the new code in `Server` to a private helper 
method?




> Handle Server KDC re-login when Server and Client run in same JVM.
> ------------------------------------------------------------------
>
>                 Key: HADOOP-18581
>                 URL: https://issues.apache.org/jira/browse/HADOOP-18581
>             Project: Hadoop Common
>          Issue Type: Bug
>    Affects Versions: 3.1.1
>            Reporter: Surendra Singh Lilhore
>            Assignee: Surendra Singh Lilhore
>            Priority: Major
>              Labels: pull-request-available
>
> Handle re-login in Server when client, server running in same JVM and client 
> trying to re-login, but it fails.
> For example, NameNode is server but in same JVM journal node client also 
> running to push to edit logs. When JN client try to re-login and it fails, it 
> will destroy server service ticket also and NameNode not able to server 
> client request. We can see the below error logs in NameNode log file.
>  
> {noformat}
> Auth failed for x.x.x.x:42199:null (GSS initiate failed) with true cause: 
> (GSS initiate failed)
> Auth failed for x.x.x.x:42199:null (GSS initiate failed) with true cause: 
> (GSS initiate failed)
> Auth failed for x.x.x.x:42199:null (GSS initiate failed) with true cause: 
> (GSS initiate failed){noformat}
> Same discussion happened in HADOOP-17996.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to