[
https://issues.apache.org/jira/browse/KNOX-598?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14743608#comment-14743608
]
ASF subversion and git services commented on KNOX-598:
------------------------------------------------------
Commit e20e5b06e3d8184376ab7a53835f3405433e9ee9 in knox's branch
refs/heads/master from [~kevin.minder]
[ https://git-wip-us.apache.org/repos/asf?p=knox.git;h=e20e5b0 ]
KNOX-598: Concurrent JDBC clients via KNOX to Kerberized HiveServer2 causes
HTTP 401 error (due to Kerberos Replay attack error)
> Concurrent JDBC clients via KNOX to Kerberized HiveServer2 causes HTTP 401
> error (due to Kerberos Replay attack error)
> ----------------------------------------------------------------------------------------------------------------------
>
> Key: KNOX-598
> URL: https://issues.apache.org/jira/browse/KNOX-598
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 0.4.0
> Reporter: Kevin Minder
> Priority: Blocker
> Fix For: 0.7.0
>
> Attachments: KNOX-598_001.patch
>
>
> In high concurrency scenarios the same Knox service principal can ended up
> requesting two service tickets for HiveServer2's HTTP service principal
> within the same microsecond. This is being detected on the HiveServer2 side
> as a replay attack. The fix is to include some concurrency controls in Knox
> to ensure that this cannot occur. This will introduce some minor
> serialization but this seems unavoidable.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
