HADOOP-9850. RPC kerberos errors don't trigger relogin. Contributed by Daryn Sharp.
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1511823 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
78cea88e48
commit
c6ba793b65
|
@ -699,6 +699,8 @@ Release 2.1.0-beta - 2013-08-06
|
|||
|
||||
HADOOP-9816. RPC Sasl QOP is broken (daryn)
|
||||
|
||||
HADOOP-9850. RPC kerberos errors don't trigger relogin. (daryn via kihwal)
|
||||
|
||||
BREAKDOWN OF HADOOP-8562 SUBTASKS AND RELATED JIRAS
|
||||
|
||||
HADOOP-8924. Hadoop Common creating package-info.java must not depend on
|
||||
|
|
|
@ -713,6 +713,7 @@ public class Client {
|
|||
}
|
||||
});
|
||||
} catch (Exception ex) {
|
||||
authMethod = saslRpcClient.getAuthMethod();
|
||||
if (rand == null) {
|
||||
rand = new Random();
|
||||
}
|
||||
|
|
|
@ -83,6 +83,7 @@ public class SaslRpcClient {
|
|||
private final Configuration conf;
|
||||
|
||||
private SaslClient saslClient;
|
||||
private AuthMethod authMethod;
|
||||
|
||||
private static final RpcRequestHeaderProto saslHeader = ProtoUtil
|
||||
.makeRpcRequestHeader(RpcKind.RPC_PROTOCOL_BUFFER,
|
||||
|
@ -113,6 +114,18 @@ public class SaslRpcClient {
|
|||
return (saslClient != null) ? saslClient.getNegotiatedProperty(key) : null;
|
||||
}
|
||||
|
||||
|
||||
// the RPC Client has an inelegant way of handling expiration of TGTs
|
||||
// acquired via a keytab. any connection failure causes a relogin, so
|
||||
// the Client needs to know what authMethod was being attempted if an
|
||||
// exception occurs. the SASL prep for a kerberos connection should
|
||||
// ideally relogin if necessary instead of exposing this detail to the
|
||||
// Client
|
||||
@InterfaceAudience.Private
|
||||
public AuthMethod getAuthMethod() {
|
||||
return authMethod;
|
||||
}
|
||||
|
||||
/**
|
||||
* Instantiate a sasl client for the first supported auth type in the
|
||||
* given list. The auth type must be defined, enabled, and the user
|
||||
|
@ -319,8 +332,9 @@ public class SaslRpcClient {
|
|||
DataOutputStream outStream = new DataOutputStream(new BufferedOutputStream(
|
||||
outS));
|
||||
|
||||
// redefined if/when a SASL negotiation completes
|
||||
AuthMethod authMethod = AuthMethod.SIMPLE;
|
||||
// redefined if/when a SASL negotiation starts, can be queried if the
|
||||
// negotiation fails
|
||||
authMethod = AuthMethod.SIMPLE;
|
||||
|
||||
sendSaslMessage(outStream, negotiateRequest);
|
||||
|
||||
|
@ -357,6 +371,7 @@ public class SaslRpcClient {
|
|||
case NEGOTIATE: {
|
||||
// create a compatible SASL client, throws if no supported auths
|
||||
SaslAuth saslAuthType = selectSaslClient(saslMessage.getAuthsList());
|
||||
// define auth being attempted, caller can query if connect fails
|
||||
authMethod = AuthMethod.valueOf(saslAuthType.getMethod());
|
||||
|
||||
byte[] responseToken = null;
|
||||
|
|
Loading…
Reference in New Issue