[
https://issues.apache.org/jira/browse/HADOOP-9070?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13502098#comment-13502098
]
Daryn Sharp commented on HADOOP-9070:
-------------------------------------
Yes, I thoroughly tested both kerberos and tokens to ensure they work with the
latest patch. As mentioned in my prior comment, this does cause a RPC
incompatibility within 2.x. Earlier 2.x clients will receive an extra reply
(SUCCESS) from a 2.0.3 server after the kerberos negotiation completes. The
client will interpret this as the response for the next proxy call, which will
cause a protobuf error. A 2.0.3 client will timeout waiting for the SUCCESS
response from earlier 2.x servers. Maybe we should bump the RPC version in
2.0.3? Or if that's unpalatable, I can investigate a backwards compatible
client change that might be hacky (not sure yet).
> Kerberos SASL server cannot find kerberos key
> ---------------------------------------------
>
> Key: HADOOP-9070
> URL: https://issues.apache.org/jira/browse/HADOOP-9070
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: ipc
> Affects Versions: 3.0.0, 2.0.3-alpha
> Reporter: Daryn Sharp
> Assignee: Daryn Sharp
> Priority: Blocker
> Attachments: HADOOP-9070.patch, HADOOP-9070.patch
>
>
> HADOOP-9015 inadvertently removed a {{doAs}} block around instantiation of
> the sasl server which renders a server incapable of accepting kerberized
> connections.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
