[
https://issues.apache.org/jira/browse/KNOX-598?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14744190#comment-14744190
]
dillidorai commented on KNOX-598:
---------------------------------
Commenting on the code change introduced
Thread.sleep( 0 );
Could not see the behavior of this well defined.
You may want to consider using
Thread.sleep( 0 , 1); // public static void sleep(long millis, int nanos)
> Concurrent JDBC clients via KNOX to Kerberized HiveServer2 causes HTTP 401
> error (due to Kerberos Replay attack error)
> ----------------------------------------------------------------------------------------------------------------------
>
> Key: KNOX-598
> URL: https://issues.apache.org/jira/browse/KNOX-598
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 0.4.0
> Reporter: Kevin Minder
> Priority: Blocker
> Fix For: 0.7.0
>
> Attachments: KNOX-598_001.patch
>
>
> In high concurrency scenarios the same Knox service principal can ended up
> requesting two service tickets for HiveServer2's HTTP service principal
> within the same microsecond. This is being detected on the HiveServer2 side
> as a replay attack. The fix is to include some concurrency controls in Knox
> to ensure that this cannot occur. This will introduce some minor
> serialization but this seems unavoidable.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
