Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-10786

Fix UGI#reloginFromKeytab on Java 8

    XMLWordPrintableJSON

Details

    • Reviewed

    Description

      Krb5LoginModule changed subtly in java 8: in particular, if useKeyTab and storeKey are specified, then only a KeyTab object is added to the Subject's private credentials, whereas in java <= 7 both a KeyTab and some number of KerberosKey objects were added.

      The UGI constructor checks whether or not a keytab was used to login by looking if there are any KerberosKey objects in the Subject's private credentials. If there are, then isKeyTab is set to true, and otherwise it's set to false.

      Thus, in java 8 isKeyTab is always false given the current UGI implementation, which makes UGI#reloginFromKeytab fail silently.

      Attached patch will check for a KeyTab object on the Subject, instead of a KerberosKey object. This fixes relogins from kerberos keytabs on Oracle java 8, and works on Oracle java 7 as well.

      Attachments

        1. HADOOP-10786.2.patch
          7 kB
          Stephen Chu
        2. HADOOP-10786.3.patch
          7 kB
          Stephen Chu
        3. HADOOP-10786.3.patch
          7 kB
          Stephen Chu
        4. HADOOP-10786.4.patch
          7 kB
          Stephen Chu
        5. HADOOP-10786.5.patch
          7 kB
          Stephen Chu
        6. HADOOP-10786.patch
          1 kB
          Tobi Knaup

        Issue Links

          depends upon

          Bug - A problem which impairs or prevents the functions of the product. HADOOP-10963 Move compile-time dependency to JDK7

          • Major - Major loss of function.
          • Closed
          is related to

          Bug - A problem which impairs or prevents the functions of the product. SLIDER-1010 SliderAM rejecting launch in a secure cluster —claims user not on a keytab

          • Major - Major loss of function.
          • Resolved
          relates to

          Bug - A problem which impairs or prevents the functions of the product. HADOOP-11287 Simplify UGI#reloginFromKeytab for Java 7+

          • Major - Major loss of function.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. HADOOP-11090 [Umbrella] Support Java 8 in Hadoop

          • Major - Major loss of function.
          • Resolved

          Umbrella - An overarching type made of sub-tasks HBASE-7608 Considering Java 8

          • Trivial - Cosmetic problem like misspelt words or misaligned text.
          • Closed

          Activity

            People

              schu Stephen Chu
              Tobi19 Tobi Vollebregt
              Votes:
              1 Vote for this issue
              Watchers:
              30 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: