[
https://issues.apache.org/jira/browse/HBASE-10411?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13897597#comment-13897597
]
Liang Xie commented on HBASE-10411:
-----------------------------------
Disable replay caching in krb5-server side seems not enough per my
understanding, since there's another replay checking mechanism in JDK side as
well, see "sun/security/krb5/KrbApReq.java" from jdk source.
One possible solution is to impl another sun.security.krb5.KrbApReq, then build
a jar. With the "-Xbootclasspath/p" parameter, we can utilize the modified
KrbApReq Class(The modification is delete the table get/put related operation)
over the original class from rt.jar :)
Another thing need to know about "-Xbootclasspath" is:
{code}
Note: Applications that use this option for the purpose of overriding a class
in rt.jar should not be deployed as doing so would contravene the Java 2
Runtime Environment binary code license.
{code}
Another more elegant solution is to make cache table checking configurable in
KrbApReq Class, I'll throw a trivial patch to OpenJDK community.
> [Book] Add a kerberos 'request is a replay (34)' issue at troubleshooting
> section
> ---------------------------------------------------------------------------------
>
> Key: HBASE-10411
> URL: https://issues.apache.org/jira/browse/HBASE-10411
> Project: HBase
> Issue Type: Improvement
> Components: documentation, security
> Reporter: takeshi.miao
> Assignee: takeshi.miao
> Priority: Minor
> Attachments: HBASE-10411-trunk-v01.patch, HBASE-10411-v01.odt
>
>
> For kerberos 'request is a replay (34)' issue (HBASE-10379), adding it to the
> troubleshooting section in HBase book
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
