[
https://issues.apache.org/jira/browse/IMPALA-7638?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16636168#comment-16636168
]
Michael Ho commented on IMPALA-7638:
------------------------------------
{quote}I suspect that with KRPC enabled we should not see Kerberos negotiations
take several minutes, but we should confirm this with some stress tests.
{quote}
We still have some internal RPCs running on Thrift now but they will be
converted to KRPCs eventually. That should reduce the load on KDC due to
reduced number of connections. That said, I am not sure if the load of KDC has
to do with the timeout in question here. My understanding is that the Kerberos
negotiation between the client and server shouldn't involve the KDC as the
client should have obtained the Kerberos ticket at that point. I could be wrong
as there may be details which I may have missed. Based on the review commentÂ
[here|https://gerrit.cloudera.org/#/c/7061], may be [~sailesh] can chime in any
insight he may have on the long Kerberos negotiation time.
> Lower default timeout for connection setup
> ------------------------------------------
>
> Key: IMPALA-7638
> URL: https://issues.apache.org/jira/browse/IMPALA-7638
> Project: IMPALA
> Issue Type: Bug
> Components: Backend
> Affects Versions: Impala 3.1.0
> Reporter: Lars Volker
> Priority: Major
> Fix For: Impala 2.11.0
>
>
> IMPALA-5394 added the sasl_connect_tcp_timeout_ms flag with a default timeout
> of 5 minutes. This seems too long as broken clients will prevent new clients
> from establishing connections for this time. In addition to increasing the
> acceptor thread pool size (IMPALA-7565) we should lower this timeout
> considerably, e.g. to 5 seconds.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscr...@impala.apache.org
For additional commands, e-mail: issues-all-h...@impala.apache.org
