You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by "Zhe Zhang (JIRA)" <ji...@apache.org> on 2016/06/01 21:35:59 UTC

[jira] [Commented] (HADOOP-13206) Delegation token cannot be fetched and used by different versions of client

    [ https://issues.apache.org/jira/browse/HADOOP-13206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15311169#comment-15311169 ] 

Zhe Zhang commented on HADOOP-13206:
------------------------------------

Thanks for the discussion Yongjun. Based on my tests, tokens fetched by version 2.3 client have IP address and token fetched by version 2.6 client have host names. I'm still trying to find the code which makes this difference.

bq. 1. Do we expect the <host> to be either host name or ip address, or only host name is allowed?
bq. 2. Do we intend to support both hostname and ip address formats here? Based on my read of the jira description, seems we intend to support both
So yes, we should expect both host names and IP addresses in the {{service}} field.

This JIRA just serves an incremental fix to match an IP address and a host name pointing to the same host. In general, I guess {{service}} can be any text. That's why I'm using {{DEBUG}} level logging -- if {{service}} is not in {{host:port}} format, it might not indicate a bug.

Good point about log message, attaching patch to address.

> Delegation token cannot be fetched and used by different versions of client
> ---------------------------------------------------------------------------
>
>                 Key: HADOOP-13206
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13206
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.3.0, 2.6.1
>            Reporter: Zhe Zhang
>            Assignee: Zhe Zhang
>         Attachments: HADOOP-13206.00.patch, HADOOP-13206.01.patch, HADOOP-13206.02.patch
>
>
> We have observed that an HDFS delegation token fetched by a 2.3.0 client cannot be used by a 2.6.1 client, and vice versa. Through some debugging I found that it's a mismatch between the token's {{service}} and the {{service}} of the filesystem (e.g. {{webhdfs://host.something.com:50070/}}). One would be in numerical IP address and one would be in non-numerical hostname format.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org