[ https://issues.apache.org/jira/browse/HDFS-6354?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14006519#comment-14006519 ]

Daryn Sharp commented on HDFS-6354:
-----------------------------------

The affected version is 2.2.  I think 2.3 or 2.4 checks if filter init fails, 
if yes, takes down the NN.

However...  That's for JDK6.  JDK7 decided that keytab logins are lazy!  A 
LoginContext will _always_ return success regardless of whether the principal 
is in the keytab OR if the keytab even exists.  It's not until a gss session 
starts that an exception will be thrown for a missing principal or missing 
keytab.  I thought it was a bug.  It's by design.

So which Hadoop and JDK version is involved?

> NN startup does not fail when it fails to login with the spnego principal
> -------------------------------------------------------------------------
>
>                 Key: HDFS-6354
>                 URL: https://issues.apache.org/jira/browse/HDFS-6354
>             Project: Hadoop HDFS
>          Issue Type: Bug
>    Affects Versions: 2.2.0
>            Reporter: Arpit Gupta
>
> I have noticed where the NN startup did not report any issues the login fails 
> because either the keytab is wrong or the principal does not exist etc. This 
> can be misleading and lead to authentication failures when a client tries to 
> authenticate to the spnego principal.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
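
The comment above says that under JDK7 a keytab login reports success even when the keytab or principal is missing. The following is an added example, not code from this thread or from Hadoop: a fail-fast pre-flight check using the JDK's `javax.security.auth.kerberos.KeyTab` API (JDK7 and later). The class name `KeytabPreflight`, the `check` method and the command-line arguments are hypothetical.

```java
import java.io.File;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KeyTab;

/** Added example: verify a keytab before relying on a (lazy) Kerberos login. */
public class KeytabPreflight {

    /**
     * Returns null when the keytab holds at least one key for the principal,
     * otherwise a human-readable reason. The principal must be fully resolved
     * and include its realm, e.g. HTTP/nn.example.com@EXAMPLE.COM (constructed
     * sample value), so no default-realm lookup is needed.
     */
    static String check(String keytabPath, String principalName) {
        File file = new File(keytabPath);
        if (!file.isFile() || !file.canRead()) {
            return "keytab missing or unreadable: " + keytabPath;
        }
        KerberosPrincipal principal = new KerberosPrincipal(principalName);
        // getKeys() reads the file eagerly and returns an empty array when
        // the keytab contains no entry for this principal.
        KerberosKey[] keys = KeyTab.getInstance(file).getKeys(principal);
        if (keys.length == 0) {
            return "no keys for " + principalName + " in " + keytabPath;
        }
        return null;
    }

    public static void main(String[] args) {
        if (args.length != 2) {
            System.err.println("usage: KeytabPreflight <keytab> <principal@REALM>");
            System.exit(2);
        }
        String problem = check(args[0], args[1]);
        if (problem != null) {
            // Abort startup here instead of failing on the first client request.
            System.err.println("FATAL: " + problem);
            System.exit(1);
        }
        System.out.println("keytab OK for " + args[1]);
    }
}
```

This only confirms that the keytab file contains keys for the principal; it does not contact the KDC, so a stale key version would still surface later at authentication time.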
