Posted to dev@storm.apache.org by "Raghavendra Nandagopal (JIRA)" <ji...@apache.org> on 2014/06/20 01:12:25 UTC

[jira] [Comment Edited] (STORM-345) (Security) AutoTGT renewal is not working

    [ https://issues.apache.org/jira/browse/STORM-345?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14038075#comment-14038075 ] 

Raghavendra Nandagopal edited comment on STORM-345 at 6/19/14 11:11 PM:
------------------------------------------------------------------------

After going through most of the configuration parameters (JAAS) and running through AutoTGT, the client configuration requires "useTicketCache=true" to be set.  With this config parameter, the client has to initially call kinit and have the user obtain a ticket.  Next, once AutoTGT is called, it renews the ticket obtained through the ticket cache.  In this situation, the tgt.renew() method doesn't fail and correctly does the renewal.
 
Without setting the parameter useTicketCache=true, it is not possible to renew the ticket, because the ticket obtained directly doesn't set the renewable flag, due to which the tgt.refresh() method is failing.
 
For example, below is the sample configuration.
Client {
       com.sun.security.auth.module.Krb5LoginModule required
       useKeyTab=true
       keyTab="/home/user/client.keytab"
       useTicketCache=true
       principal="user/domain";
};

Please let me know if this is correct or if we need to take a different approach.


was (Author: speaktoraghav):
After going through most of the configuration parameters (JAAS) and running through AutoTGT, the client configuration requires "useTicketCache=true" to be set.  With this config parameter, the client has to initially call kinit and have the user obtain a ticket.  Next, once AutoTGT is called, it renews the ticket obtained through the ticket cache.  In this situation, the tgt.renew() method doesn't fail and correctly does the renewal.
 
Without setting the parameter useTicketCache=true, it is not possible to renew the ticket, because the ticket obtained directly doesn't set the renewable flag; due to this, tgt.refresh() will fail.
 
For example, below is the sample configuration.
Client {
       com.sun.security.auth.module.Krb5LoginModule required
       useKeyTab=true
       keyTab="/home/user/client.keytab"
       useTicketCache=true
       principal="user/domain";
};

Please let me know if this is correct or if we need to take a different approach.

> (Security) AutoTGT renewal is not working
> -----------------------------------------
>
>                 Key: STORM-345
>                 URL: https://issues.apache.org/jira/browse/STORM-345
>             Project: Apache Storm (Incubating)
>          Issue Type: Bug
>            Reporter: Robert Joseph Evans
>            Assignee: Raghavendra Nandagopal
>              Labels: security
>
> AutoTGT will call tgt.refresh(); to try and renew a token, but every time we try to make this work the java code blows up with some very odd errors.
> Either we need to find some configurations and document them on how to make this work.
> Rip out the renewal code and update the documentation to explain that the renewal is not supported.
> Find another way to renew the TGT (Some other library)



--
This message was sent by Atlassian JIRA
(v6.2#6252)
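
Added example (not part of the original message and not Storm's AutoTGT code): a pre-check that reports why KerberosTicket.refresh() would fail for a non-renewable TGT, as described in the comment above. The class and method names, the principals and the EXAMPLE.COM realm are assumptions, and the tickets are constructed in memory so the code runs without a KDC.

```java
import javax.security.auth.RefreshFailedException;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KerberosTicket;
import java.util.Date;
// Added example; class and method names are hypothetical, not Storm's AutoTGT code.
public class TgtRenewCheck {
    static final int RENEWABLE = 8; // index of the RENEWABLE bit in the ticket flags (RFC 4120)

    // Locate the TGT (service principal krbtgt/REALM@REALM) among the Subject's credentials.
    static KerberosTicket findTgt(Subject subject) {
        for (KerberosTicket t : subject.getPrivateCredentials(KerberosTicket.class)) {
            if (!t.isDestroyed() && t.getServer().getName().startsWith("krbtgt/")) return t;
        }
        return null;
    }

    // Returns the reason a renewal cannot be attempted, or null if refresh() may be called.
    static String renewalBlocker(KerberosTicket tgt, Date now) {
        if (tgt == null) return "no usable TGT in subject";
        if (tgt.isDestroyed()) return "ticket destroyed";
        if (!tgt.isRenewable()) return "RENEWABLE flag not set on ticket";
        Date till = tgt.getRenewTill();
        if (till != null && now.after(till)) return "past renew-till time";
        return null;
    }

    // Constructed ticket with dummy encoding and key bytes; not a real credential.
    static KerberosTicket sampleTgt(boolean renewable) {
        boolean[] flags = new boolean[32];
        flags[RENEWABLE] = renewable;
        long now = System.currentTimeMillis();
        Date renewTill = renewable ? new Date(now + 86_400_000L) : null;
        return new KerberosTicket(new byte[]{0}, new KerberosPrincipal("user@EXAMPLE.COM"),
            new KerberosPrincipal("krbtgt/EXAMPLE.COM@EXAMPLE.COM"), new byte[16], 17, flags,
            new Date(now), new Date(now), new Date(now + 3_600_000L), renewTill, null);
    }

    public static void main(String[] args) {
        for (boolean renewable : new boolean[]{false, true}) {
            Subject s = new Subject();
            s.getPrivateCredentials().add(sampleTgt(renewable));
            String blocker = renewalBlocker(findTgt(s), new Date());
            System.out.println("renewable=" + renewable + ": "
                + (blocker == null ? "refresh() may be attempted" : "skip refresh(): " + blocker));
        }
        try { sampleTgt(false).refresh(); } // the failure the comment describes
        catch (RefreshFailedException e) { System.out.println("refresh() failed: " + e.getMessage()); }
    }
}
```

Logging the blocker before calling refresh() turns the "very odd errors" from the issue description into an explicit statement that the ticket was issued without the renewable flag.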