[
https://issues.apache.org/jira/browse/KNOX-598?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kevin Minder updated KNOX-598:
------------------------------
Description: In high concurrency scenarios the same Knox service principal
can ended up requesting two service tickets for HiveServer2's HTTP service
principal within the same microsecond. This is being detected on the
HiveServer2 side as a replay attack. The fix is to include some concurrency
controls in Knox to ensure that this cannot occur. This will introduce some
minor serialization but this seems unavoidable.
> Concurrent JDBC clients via KNOX to Kerberized HiveServer2 causes HTTP 401
> error (due to Kerberos Replay attack error)
> ----------------------------------------------------------------------------------------------------------------------
>
> Key: KNOX-598
> URL: https://issues.apache.org/jira/browse/KNOX-598
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 0.4.0
> Reporter: Kevin Minder
> Priority: Blocker
> Fix For: 0.7.0
>
>
> In high concurrency scenarios the same Knox service principal can ended up
> requesting two service tickets for HiveServer2's HTTP service principal
> within the same microsecond. This is being detected on the HiveServer2 side
> as a replay attack. The fix is to include some concurrency controls in Knox
> to ensure that this cannot occur. This will introduce some minor
> serialization but this seems unavoidable.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
