[ https://issues.apache.org/jira/browse/HADOOP-9850?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Daryn Sharp updated HADOOP-9850: -------------------------------- Status: Patch Available (was: Open) > RPC kerberos errors don't trigger relogin > ----------------------------------------- > > Key: HADOOP-9850 > URL: https://issues.apache.org/jira/browse/HADOOP-9850 > Project: Hadoop Common > Issue Type: Bug > Components: ipc > Affects Versions: 3.0.0, 2.1.0-beta > Reporter: Daryn Sharp > Assignee: Daryn Sharp > Priority: Blocker > Attachments: HADOOP-9850.patch > > > Hadoop auto-renews a ticket cache TGT. However, a TGT acquired via keytab is > just allowed to expire. To compensate, any exception during a kerberos RPC > connection triggers a relogin. > Prior to HADOOP-9698, the RPC client "knew" the SASL client was attempting > authMethod kerberos. Now the SASL client negotiates and returns the > authMethod to the RPC Client. When an exception occurs, such as TGT expired, > the Client doesn't know what the SASL client was attempting so no relogin is > attempted. After 24 hours, keytab based services that act as clients (ex. RM > for token renewal) go dead. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira