You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Arun Suresh (JIRA)" <ji...@apache.org> on 2015/01/15 08:59:34 UTC
[jira] [Created] (HADOOP-11482) Clients that cache instances of
KMSClientProvider fail Authentication when "addDelegationTokens()" method
is called after authentication token validity expires
Arun Suresh created HADOOP-11482:
------------------------------------
Summary: Clients that cache instances of KMSClientProvider fail Authentication when "addDelegationTokens()" method is called after authentication token validity expires
Key: HADOOP-11482
URL: https://issues.apache.org/jira/browse/HADOOP-11482
Project: Hadoop Common
Issue Type: Bug
Affects Versions: 2.5.0
Reporter: Arun Suresh
Assignee: Arun Suresh
Long Living clients of HDFS (For eg. OOZIE) use cached DFSClients which in turn use a cached KMSClientProvider to talk to KMS.
Before an MR Job is run, the job client calls the {{DFClient.addDelegationTokens()}} method which calls {{addDelegationTokens()}} on the {{KMSClientProvider}} to get any delegation token associated to the user.
Unfortunately, this call uses a cached {{DelegationTokenAuthenticationURL.Token}} instance which can cause the {{SignerSecretProvider}} implementation of the {{AuthenticationFilter}} at the KMS Server end to fail validation. Which results in the MR job itself failing.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)