[jira] [Commented] (HADOOP-9850) RPC kerberos errors don't trigger relogin

Thu, 08 Aug 2013 08:21:38 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-9850?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13733590#comment-13733590
 ] 

Hudson commented on HADOOP-9850:
--------------------------------

SUCCESS: Integrated in Hadoop-trunk-Commit #4227 (See 
[https://builds.apache.org/job/Hadoop-trunk-Commit/4227/])
HADOOP-9850. RPC kerberos errors don't trigger relogin. Contributed by Daryn 
Sharp. (kihwal: 
http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1511823)
* /hadoop/common/trunk/hadoop-common-project/hadoop-common/CHANGES.txt
* 
/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/ipc/Client.java
* 
/hadoop/common/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java

                
> RPC kerberos errors don't trigger relogin
> -----------------------------------------
>
>                 Key: HADOOP-9850
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9850
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: ipc
>    Affects Versions: 3.0.0, 2.1.0-beta
>            Reporter: Daryn Sharp
>            Assignee: Daryn Sharp
>            Priority: Blocker
>             Fix For: 3.0.0, 2.1.0-beta
>
>         Attachments: HADOOP-9850.patch
>
>
> Hadoop auto-renews a ticket cache TGT.  However, a TGT acquired via keytab is 
> just allowed to expire.  To compensate, any exception during a kerberos RPC 
> connection triggers a relogin.
> Prior to HADOOP-9698, the RPC client "knew" the SASL client was attempting 
> authMethod kerberos.  Now the SASL client negotiates and returns the 
> authMethod to the RPC Client.  When an exception occurs, such as TGT expired, 
> the Client doesn't know what the SASL client was attempting so no relogin is 
> attempted.  After 24 hours, keytab based services that act as clients (ex. RM 
> for token renewal) go dead.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to