You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by "Arun Suresh (JIRA)" <ji...@apache.org> on 2015/01/15 08:59:34 UTC

[jira] [Created] (HADOOP-11482) Clients that cache instances of KMSClientProvider fail Authentication when "addDelegationTokens()" method is called after authentication token validity expires

Arun Suresh created HADOOP-11482:
------------------------------------

             Summary: Clients that cache instances of KMSClientProvider fail Authentication when "addDelegationTokens()" method is called after authentication token validity expires 
                 Key: HADOOP-11482
                 URL: https://issues.apache.org/jira/browse/HADOOP-11482
             Project: Hadoop Common
          Issue Type: Bug
    Affects Versions: 2.5.0
            Reporter: Arun Suresh
            Assignee: Arun Suresh


Long Living clients of HDFS (For eg. OOZIE) use cached DFSClients which in turn use a cached KMSClientProvider to talk to KMS.

Before an MR Job is run, the job client calls the {{DFClient.addDelegationTokens()}} method which calls {{addDelegationTokens()}} on the {{KMSClientProvider}} to get any delegation token associated to the user.

Unfortunately, this call uses a cached {{DelegationTokenAuthenticationURL.Token}} instance which can cause the {{SignerSecretProvider}} implementation of the {{AuthenticationFilter}} at the KMS Server end to fail validation. Which results in the MR job itself failing.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)