[
https://issues.apache.org/jira/browse/HADOOP-11151?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14170059#comment-14170059
]
Andrew Wang commented on HADOOP-11151:
--------------------------------------
[~zb161] thanks for the additional testing, maybe we should file a new JIRA to
track? You could also try increasing the retry count via configuration if you
want to test it. Based on Arun's explanations though, I'd be surprised if it
made a difference, barring network issues.
> Automatically refresh auth token and retry on auth failure
> ----------------------------------------------------------
>
> Key: HADOOP-11151
> URL: https://issues.apache.org/jira/browse/HADOOP-11151
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 2.6.0
> Reporter: zhubin
> Assignee: Arun Suresh
> Fix For: 2.6.0
>
> Attachments: HADOOP-11151.1.patch, HADOOP-11151.2.patch,
> HADOOP-11151.3.patch, HADOOP-11151.4.patch, HADOOP-11151.5.patch
>
>
> Enable CFS and KMS service in the cluster, initially it worked to put/copy
> file into encryption zone. But after a while (might be one day), it fails to
> put/copy file into the encryption zone with the error
> java.util.concurrent.ExecutionException: java.io.IOException: HTTP status [403], message [Forbidden]
> The kms.log shows below
> AbstractDelegationTokenSecretManager - Updating the current master key for generating delegation tokens
> 2014-09-29 13:18:46,599 WARN AuthenticationFilter - AuthenticationToken ignored: org.apache.hadoop.security.authentication.util.SignerException: Invalid signature
> 2014-09-29 13:18:46,599 WARN AuthenticationFilter - Authentication exception: Anonymous requests are disallowed
> org.apache.hadoop.security.authentication.client.AuthenticationException: Anonymous requests are disallowed
>     at org.apache.hadoop.security.authentication.server.PseudoAuthenticationHandler.authenticate(PseudoAuthenticationHandler.java:184)
>     at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationHandler.authenticate(DelegationTokenAuthenticationHandler.java:331)
>     at org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:507)
>     at org.apache.hadoop.crypto.key.kms.server.KMSAuthenticationFilter.doFilter(KMSAuthenticationFilter.java:129)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
>     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861)
>     at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606)
>     at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
>     at java.lang.Thread.run(Thread.java:745)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
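
An added example (not from the JIRA thread or the Hadoop code base): a Python triage script for the kms.log pattern quoted in the issue description, separating denials where a presented token failed signature verification from requests that carried no token at all. The one-second correlation window, the function names and the 14:02:10 log line are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the WARN lines quoted in the issue (unwrapped, trace
# shortened) plus one constructed 14:02:10 line with no preceding token error.
SAMPLE_KMS_LOG = """\
2014-09-29 13:18:46,599 WARN AuthenticationFilter - AuthenticationToken ignored: org.apache.hadoop.security.authentication.util.SignerException: Invalid signature
2014-09-29 13:18:46,599 WARN AuthenticationFilter - Authentication exception: Anonymous requests are disallowed
org.apache.hadoop.security.authentication.client.AuthenticationException: Anonymous requests are disallowed
    at org.apache.hadoop.security.authentication.server.PseudoAuthenticationHandler.authenticate(PseudoAuthenticationHandler.java:184)
2014-09-29 14:02:10,113 WARN AuthenticationFilter - Authentication exception: Anonymous requests are disallowed
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) (\w+) (\S+) - (.*)$")

def parse(text):
    """Return [timestamp, level, logger, message] records.
    Lines without a timestamp (stack traces) are folded into the previous record."""
    records = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f")
            records.append([ts, m.group(2), m.group(3), m.group(4)])
        elif records and raw.strip():
            records[-1][3] += "\n" + raw.strip()
    return records

def classify_denials(text, window=timedelta(seconds=1)):
    """Label each 'Anonymous requests are disallowed' event as 'rejected-token'
    (an invalid-signature token was ignored within `window` before it, the
    pattern in the issue) or 'no-token' (nothing was presented)."""
    findings, last_bad_sig = [], None
    for ts, _level, logger, msg in parse(text):
        if logger != "AuthenticationFilter":
            continue
        if msg.startswith("AuthenticationToken ignored:") and "Invalid signature" in msg:
            last_bad_sig = ts
        elif msg.startswith("Authentication exception: Anonymous requests are disallowed"):
            stale = last_bad_sig is not None and ts - last_bad_sig <= window
            when = ts.isoformat(sep=" ", timespec="milliseconds")
            findings.append((when, "rejected-token" if stale else "no-token"))
            last_bad_sig = None  # one token error explains one denial
    return findings

if __name__ == "__main__":
    for when, kind in classify_denials(SAMPLE_KMS_LOG):
        print(when, kind)
```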