Rpc client doesn't use the per-connection conf to figure out server's Kerberos
principal
----------------------------------------------------------------------------------------
Key: HADOOP-6907
URL: https://issues.apache.org/jira/browse/HADOOP-6907
Project: Hadoop Common
Issue Type: Bug
Components: ipc, security
Reporter: Kan Zhang
Assignee: Kan Zhang
Currently, RPC client caches the conf that was passed in to its constructor and
uses that same conf (or values obtained from it) for every connection it sets
up. This is not sufficient for security since each connection needs to figure
out server's Kerberos principal on a per-connection basis. It's not reasonable
to expect the first conf used by a user to contain all the Kerberos principals
that her future connections will ever need. Or worse, if her first conf
contains an incorrect principal name, it will prevent the user from connecting
to the server even if she later on passes in a correct conf on retry
(RPC.getProxy()).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
