[
https://issues.apache.org/jira/browse/HADOOP-9888?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15085280#comment-15085280
]
Kai Zheng commented on HADOOP-9888:
-----------------------------------
The patch looks good to me. I would suggest we move the following block along
the static value to {{KerberosUtil}} so that all the places that need the
default realm and call {{KerberosUtil#getDefaultRealm()}} can be updated to
share the value.
{code}
+ public static synchronized String getDefaultRealm() {
+ if (defaultRealm == null) {
+ try {
+ defaultRealm = KerberosUtil.getDefaultRealm();
+ } catch (Exception ke) {
+ LOG.debug("Kerberos krb5 configuration not found, setting default
realm to empty");
+ defaultRealm = "";
+ }
+ }
return defaultRealm;
}
{code}
> KerberosName static initialization gets default realm, which is unneeded in
> non-secure deployment.
> --------------------------------------------------------------------------------------------------
>
> Key: HADOOP-9888
> URL: https://issues.apache.org/jira/browse/HADOOP-9888
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 2.1.1-beta, 3.0.0
> Reporter: Chris Nauroth
> Assignee: Dmytro Kabakchei
> Attachments: HADOOP-9888.001.patch
>
>
> {{KerberosName}} has a static initialization block that looks up the default
> realm. Running with Oracle JDK7, this code path triggers a DNS query. In
> some environments, we've seen this DNS query block and time out after 30
> seconds. This is part of static initialization, and the class is referenced
> from {{UserGroupInformation#initialize}}, so every daemon and every shell
> command experiences this delay. This occurs even for non-secure deployments,
> which don't need the default realm.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
