[ https://issues.apache.org/jira/browse/SPARK-29957?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dongjoon Hyun updated SPARK-29957: ---------------------------------- Parent: SPARK-29194 Issue Type: Sub-task (was: Improvement) > Reset MiniKDC's default enctypes to fit jdk8/jdk11 > -------------------------------------------------- > > Key: SPARK-29957 > URL: https://issues.apache.org/jira/browse/SPARK-29957 > Project: Spark > Issue Type: Sub-task > Components: Tests > Affects Versions: 3.0.0 > Reporter: angerszhu > Assignee: angerszhu > Priority: Major > Fix For: 3.0.0 > > > Since MiniKdc version lower than hadoop-3.0 can't work well in jdk11. > New encryption types of es128-cts-hmac-sha256-128 and > aes256-cts-hmac-sha384-192 (for Kerberos 5) enabled by default were added in > Java 11, while version of MiniKdc under 3.0.0 used by Spark does not support > these encryption types and does not work well when these encryption types are > enabled, which results in the authentication failure. > ----- > Hadoop jira: https://issues.apache.org/jira/browse/HADOOP-12911 > In this jira, the author said to replace origin Apache Directory project > which is not maintained (but not said it won't work well in jdk11) to Apache > Kerby which is java binding(fit java version). > And in Flink: apache/flink#9622 > Author show the reason why hadoop-2.7.2's MminiKdc failed with jdk11. > Because new encryption types of es128-cts-hmac-sha256-128 and > aes256-cts-hmac-sha384-192 (for Kerberos 5) enabled by default were added in > Java 11. > Spark with hadoop-2.7's MiniKdcdoes not support these encryption types and > does not work well when these encryption types are enabled, which results in > the authentication failure. > And when I test hadoop-2.7.2's minikdc in local, the kerberos 's debug error > message is read message stream failed, message can't match. -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org