Ishan Chattopadhyaya created SOLR-8373:
------------------------------------------
Summary: KerberosPlugin: Using multiple nodes on same machine
leads clients to fetch TGT for every request
Key: SOLR-8373
URL: https://issues.apache.org/jira/browse/SOLR-8373
Project: Solr
Issue Type: Bug
Reporter: Ishan Chattopadhyaya
Priority: Critical
Kerberized solr nodes accept negotiate/spnego/kerberos requests and processes
them. It also passes back to the client a cookie called "hadoop.auth" (which is
currently unused, but will eventually be used for delegation tokens).
If two or more nodes are on the same machine, they all send out the cookie
which have the same domain (hostname) and same path, but different cookie
values.
Upon receipt at the client, if a cookie is rejected (which in this case will
be), the client compulsorily gets a *new* TGT from the KDC instead of
reading the same ticket from the ticketcache. This is causing the heavy traffic
at the KDC, plus intermittent "Request is a replay" (which indicates race
condition at KDC while handing out the TGT for the same principal).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
