[
https://issues.apache.org/jira/browse/HADOOP-9856?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13735172#comment-13735172
]
Daryn Sharp commented on HADOOP-9856:
-------------------------------------
Yes, it will be a happy day when we get that integrated and into tests.
However it would still be extremely hard to trigger the race condition that
this jira addresses - I added the sync back when a heavily loaded .20 JT would
occasionally blow up and the root cause was not understood.
> Avoid Krb5LoginModule.logout issue
> ----------------------------------
>
> Key: HADOOP-9856
> URL: https://issues.apache.org/jira/browse/HADOOP-9856
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: security
> Affects Versions: 2.0.0-alpha, 3.0.0
> Reporter: Daryn Sharp
> Assignee: Daryn Sharp
> Attachments: HADOOP-9856.patch
>
>
> The kerberos login module's logout method arguably has a bug.
> {{Subject#getPrivateCredentials()}} returns a synchronized set. Iterating
> the set requires explicitly locking the set. The
> {{Krb5LoginModule#logout()}} is iterating and modifying the set w/o a lock.
> This may lead to a {{ConcurrentModificationException}} which is what lead to
> {{UGI.getCurrentUser()}} being unnecessarily synchronized.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
