[HADOOP-6907] Rpc client doesn't use the per-connection conf to figure out server's Kerberos principal - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 0.20.203.0, 0.22.0
Component/s: ipc, security
Labels:
None

Hadoop Flags:

Reviewed

Description

Currently, RPC client caches the conf that was passed in to its constructor and uses that same conf (or values obtained from it) for every connection it sets up. This is not sufficient for security since each connection needs to figure out server's Kerberos principal on a per-connection basis. It's not reasonable to expect the first conf used by a user to contain all the Kerberos principals that her future connections will ever need. Or worse, if her first conf contains an incorrect principal name, it will prevent the user from connecting to the server even if she later on passes in a correct conf on retry (by calling RPC.getProxy()).

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

c6907-Y20S.1xx.05.patch
04/Sep/10 00:08
27 kB
Kan Zhang
c6907-18.patch
30/Aug/10 21:19
28 kB
Kan Zhang
c6907-16.patch
27/Aug/10 21:45
23 kB
Kan Zhang
c6907-15.patch
18/Aug/10 01:17
23 kB
Kan Zhang
c6907-12.patch
16/Aug/10 22:47
22 kB
Kan Zhang

Issue Links

is depended upon by

HADOOP-6889 Make RPC to have an option to timeout

Closed

relates to

HADOOP-6938 ConnectionId.getRemotePrincipal() should check if security is enabled

Closed

Activity

People

Assignee:: Kan Zhang

Reporter:: Kan Zhang

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 09/Aug/10 21:36

Updated:: 02/May/13 02:29

Resolved:: 02/Sep/10 00:37