[
https://issues.apache.org/jira/browse/SPARK-29957?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dongjoon Hyun updated SPARK-29957:
----------------------------------
Parent: SPARK-29194
Issue Type: Sub-task (was: Improvement)
> Reset MiniKDC's default enctypes to fit jdk8/jdk11
> --------------------------------------------------
>
> Key: SPARK-29957
> URL: https://issues.apache.org/jira/browse/SPARK-29957
> Project: Spark
> Issue Type: Sub-task
> Components: Tests
> Affects Versions: 3.0.0
> Reporter: angerszhu
> Assignee: angerszhu
> Priority: Major
> Fix For: 3.0.0
>
>
> MiniKdc versions lower than hadoop-3.0 can't work well in jdk11.
> New encryption types of aes128-cts-hmac-sha256-128 and
> aes256-cts-hmac-sha384-192 (for Kerberos 5), enabled by default, were added in
> Java 11, while the version of MiniKdc under 3.0.0 used by Spark does not support
> these encryption types and does not work well when these encryption types are
> enabled, which results in authentication failure.
> -----
> Hadoop jira: https://issues.apache.org/jira/browse/HADOOP-12911
> In this jira, the author said to replace the original Apache Directory project,
> which is not maintained (but did not say it won't work well in jdk11), with Apache
> Kerby, which is a Java binding (fits the Java version).
> And in Flink: apache/flink#9622
> The author shows the reason why hadoop-2.7.2's MiniKdc failed with jdk11:
> because new encryption types of aes128-cts-hmac-sha256-128 and
> aes256-cts-hmac-sha384-192 (for Kerberos 5), enabled by default, were added in
> Java 11.
> Spark with hadoop-2.7's MiniKdc does not support these encryption types and
> does not work well when these encryption types are enabled, which results in
> authentication failure.
> And when I tested hadoop-2.7.2's minikdc locally, the Kerberos debug error
> message was: read message stream failed, message can't match.
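An added example, not code from the Spark patch or from this message: one way a test harness could check a generated krb5.conf for enctype settings that are left to the JDK default or that list the two SHA-2 types named above, and pin them in `[libdefaults]`. The choice of `aes128-cts-hmac-sha1-96` as the pinned type, the function names and the sample file are assumptions made for illustration.

```python
import re

# Assumption: a SHA-1 AES type that the pre-3.0 MiniKdc is taken to support.
LEGACY_ENCTYPES = "aes128-cts-hmac-sha1-96"
# The two types the issue says Java 11 enables by default.
SHA2_ENCTYPES = {"aes128-cts-hmac-sha256-128", "aes256-cts-hmac-sha384-192"}
ENCTYPE_KEYS = ("default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes")
SECTION = re.compile(r"\s*\[(\w+)\]\s*")

def risky_keys(krb5_conf):
    """Keys that are unset (JDK default applies) or list a SHA-2 enctype."""
    seen, in_lib = {}, False
    for line in krb5_conf.splitlines():
        header = SECTION.fullmatch(line)
        if header:
            in_lib = header.group(1) == "libdefaults"
            continue
        key, _, value = line.partition("=")
        if in_lib and key.strip() in ENCTYPE_KEYS:
            seen[key.strip()] = set(re.split(r"[\s,]+", value.strip()))
    return [k for k in ENCTYPE_KEYS if k not in seen or seen[k] & SHA2_ENCTYPES]

def pin_enctypes(krb5_conf, enctypes=LEGACY_ENCTYPES):
    """Return krb5.conf text whose [libdefaults] pins all three enctype lists."""
    pins = [f"    {k} = {enctypes}" for k in ENCTYPE_KEYS]
    out, in_lib, pinned = [], False, False
    for line in krb5_conf.splitlines():
        header = SECTION.fullmatch(line)
        if header:
            in_lib = header.group(1) == "libdefaults"
            out.append(line)
            if in_lib and not pinned:
                out.extend(pins)
                pinned = True
            continue
        # Drop existing enctype lines in [libdefaults] so the pinned ones win.
        if in_lib and line.partition("=")[0].strip() in ENCTYPE_KEYS:
            continue
        out.append(line)
    if not pinned:  # file had no [libdefaults] section at all
        out = ["[libdefaults]"] + pins + out
    return "\n".join(out) + "\n"

# Constructed sample, not taken from a real MiniKdc run.
SAMPLE_KRB5_CONF = """\
[libdefaults]
    default_realm = EXAMPLE.COM
    default_tkt_enctypes = aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha1-96
[domain_realm]
    localhost = EXAMPLE.COM
"""
```

Pinning to a SHA-1 enctype like this belongs in the test KDC's configuration only; it is a compatibility workaround for the old MiniKdc, not a setting to carry into a production realm.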