[ https://issues.apache.org/jira/browse/HADOOP-9856?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13735172#comment-13735172 ]
Daryn Sharp commented on HADOOP-9856: ------------------------------------- Yes, it will be a happy day when we get that integrated and into tests. However it would still be extremely hard to trigger the race condition that this jira addresses - I added the sync back when a heavily loaded .20 JT would occasionally blow up and the root cause was not understood. > Avoid Krb5LoginModule.logout issue > ---------------------------------- > > Key: HADOOP-9856 > URL: https://issues.apache.org/jira/browse/HADOOP-9856 > Project: Hadoop Common > Issue Type: Sub-task > Components: security > Affects Versions: 2.0.0-alpha, 3.0.0 > Reporter: Daryn Sharp > Assignee: Daryn Sharp > Attachments: HADOOP-9856.patch > > > The kerberos login module's logout method arguably has a bug. > {{Subject#getPrivateCredentials()}} returns a synchronized set. Iterating > the set requires explicitly locking the set. The > {{Krb5LoginModule#logout()}} is iterating and modifying the set w/o a lock. > This may lead to a {{ConcurrentModificationException}} which is what lead to > {{UGI.getCurrentUser()}} being unnecessarily synchronized. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira