[
https://issues.apache.org/jira/browse/FLINK-13516?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16923044#comment-16923044
]
Haibo Sun commented on FLINK-13516:
-----------------------------------
The failure of the case is due to the failure of authentication when the yarn
client requests access authorization of resource manager, and subsequent
retries lead to test timeout. New encryption types of
aes128-cts-hmac-sha256-128 and aes256-cts-hmac-sha384-192 (for Kerberos 5)
enabled by default were added in Java 11, while the current version of MiniKdc
used by Flink does not support these encryption types and does not work well
when these encryption types are enabled, which results in the authentication
failure. There are two solutions to fix this issue, one is to add a
configuration template named "minikdc-krb5.conf" in the test resource
directory, and explicitly set default_tkt_enctypes and default_tgs_enctypes to
use aes128-cts-hmac-sha1-96 in the template file, the other is to bump MiniKdc
to the latest version 3.2.0 (I tested that this version has solved this
problem). I've tested both solutions on my local machine, and all tests that
depend on MiniKdc work well on Java 8 and Java 11. Considering that the version
of MiniKdc will be updated sooner or later, I suggest to use the second
solution. [~Zentol], what do you think?
> YARNSessionFIFOSecuredITCase fails on Java 11
> ---------------------------------------------
>
> Key: FLINK-13516
> URL: https://issues.apache.org/jira/browse/FLINK-13516
> Project: Flink
> Issue Type: Sub-task
> Components: Deployment / YARN, Tests
> Reporter: Chesnay Schepler
> Assignee: Haibo Sun
> Priority: Major
> Fix For: 1.10.0
>
>
> {{YARNSessionFIFOSecuredITCase#testDetachedMode}} times out when run on Java
> 11. This may be related to security changes in Java 11.
--
This message was sent by Atlassian Jira
(v8.3.2#803003)
