[
https://issues.apache.org/jira/browse/HADOOP-8830?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15938542#comment-15938542
]
Burak Gursoy commented on HADOOP-8830:
--------------------------------------
Hi,
Is this ticket still valid or solved elsewhere like YARN-621 ?
> org.apache.hadoop.security.authentication.server.AuthenticationFilter might
> be called twice, causing kerberos replay errors
> ---------------------------------------------------------------------------------------------------------------------------
>
> Key: HADOOP-8830
> URL: https://issues.apache.org/jira/browse/HADOOP-8830
> Project: Hadoop Common
> Issue Type: Bug
> Affects Versions: 2.0.1-alpha, 2.1.0-beta, 2.1.1-beta, 2.2.0
> Reporter: Moritz Moeller
> Assignee: Omkar Vinit Joshi
> Priority: Critical
> Labels: BB2015-05-TBR
> Attachments: HADOOP-8830.20131026.1.patch,
> HADOOP-8830.20131027.1.patch
>
>
> AuthenticationFilter.doFilter is called twice (not sure if that is
> intentional or not).
> The second time it is called the ServletRequest is already authenticated,
> i.e. httpRequest.getRemoteUser() returns non-null info.
> If the kerberos authentication is triggered a second time it'll return a
> replay attack exception.
> I solved this by adding a if (httpRequest.getRemoteUser() == null) at the
> very beginning of doFilter.
> Alternatively one can set an attribute on the request, or figure out why
> doFilter is called twice.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
