[
https://issues.apache.org/jira/browse/HADOOP-9070?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13554311#comment-13554311
]
Daryn Sharp commented on HADOOP-9070:
-------------------------------------
Reverting this patch alone won't undo the version incompatibility. The SASL
exchange was amended on another jira to send a final ack during SASL exchange.
This ensured a symmetry that every client message received a response - instead
of the client sometimes assuming that auth was successful. If the assumption
was wrong, and the server sent an exception or switch to simple, it was
misinterpreted as a malformed protobuf response to the first proxy call.
I might be able to somehow maintain compatibility, but it's likely going to
require hardcoded hacks.
I understand the desire to avoid wire incompat, and I would 100% agree if this
was 2.1 or 2.2. I'd make the case that alpha 2.0 is the time to make changes
to support future work on the 2.x branch. I'm concerned that the larger goal
of pluggable SASL mechanisms won't work w/o more hacks for which mechanisms do
or don't send a final ack, which essentially means it's not going to be
feasible in 2.x.
> Kerberos SASL server cannot find kerberos key
> ---------------------------------------------
>
> Key: HADOOP-9070
> URL: https://issues.apache.org/jira/browse/HADOOP-9070
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: ipc
> Affects Versions: 3.0.0, 2.0.3-alpha
> Reporter: Daryn Sharp
> Assignee: Daryn Sharp
> Priority: Blocker
> Fix For: 2.0.3-alpha
>
> Attachments: HADOOP-9070.patch, HADOOP-9070.patch, HADOOP-9070.patch
>
>
> HADOOP-9015 inadvertently removed a {{doAs}} block around instantiation of
> the sasl server which renders a server incapable of accepting kerberized
> connections.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
