[ https://issues.apache.org/jira/browse/IMPALA-7638?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16636168#comment-16636168 ]
Michael Ho commented on IMPALA-7638: ------------------------------------ {quote}I suspect that with KRPC enabled we should not see Kerberos negotiations take several minutes, but we should confirm this with some stress tests. {quote} We still have some internal RPCs running on Thrift now but they will be converted to KRPCs eventually. That should reduce the load on KDC due to reduced number of connections. That said, I am not sure if the load of KDC has to do with the timeout in question here. My understanding is that the Kerberos negotiation between the client and server shouldn't involve the KDC as the client should have obtained the Kerberos ticket at that point. I could be wrong as there may be details which I may have missed. Based on the review comment [here|https://gerrit.cloudera.org/#/c/7061], may be [~sailesh] can chime in any insight he may have on the long Kerberos negotiation time. > Lower default timeout for connection setup > ------------------------------------------ > > Key: IMPALA-7638 > URL: https://issues.apache.org/jira/browse/IMPALA-7638 > Project: IMPALA > Issue Type: Bug > Components: Backend > Affects Versions: Impala 3.1.0 > Reporter: Lars Volker > Priority: Major > Fix For: Impala 2.11.0 > > > IMPALA-5394 added the sasl_connect_tcp_timeout_ms flag with a default timeout > of 5 minutes. This seems too long as broken clients will prevent new clients > from establishing connections for this time. In addition to increasing the > acceptor thread pool size (IMPALA-7565) we should lower this timeout > considerably, e.g. to 5 seconds. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-all-unsubscr...@impala.apache.org For additional commands, e-mail: issues-all-h...@impala.apache.org