[
https://issues.apache.org/jira/browse/HADOOP-6907?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Matt Foley updated HADOOP-6907:
-------------------------------
Fix Version/s: 0.20.203.0
This was committed to 0.20-security branch on Mar 4, just before 20.203 was
branched off it. Thus it is in 20.203 and all future releases from
0.20-security sustaining.
> Rpc client doesn't use the per-connection conf to figure out server's
> Kerberos principal
> ----------------------------------------------------------------------------------------
>
> Key: HADOOP-6907
> URL: https://issues.apache.org/jira/browse/HADOOP-6907
> Project: Hadoop Common
> Issue Type: Bug
> Components: ipc, security
> Reporter: Kan Zhang
> Assignee: Kan Zhang
> Fix For: 0.20.203.0, 0.22.0
>
> Attachments: c6907-12.patch, c6907-15.patch, c6907-16.patch,
> c6907-18.patch, c6907-Y20S.1xx.05.patch
>
>
> Currently, RPC client caches the conf that was passed in to its constructor
> and uses that same conf (or values obtained from it) for every connection it
> sets up. This is not sufficient for security since each connection needs to
> figure out server's Kerberos principal on a per-connection basis. It's not
> reasonable to expect the first conf used by a user to contain all the
> Kerberos principals that her future connections will ever need. Or worse, if
> her first conf contains an incorrect principal name, it will prevent the user
> from connecting to the server even if she later on passes in a correct conf
> on retry (by calling RPC.getProxy()).
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
