Posted to issues@kudu.apache.org by "Alexey Serbin (Jira)" <ji...@apache.org> on 2020/07/29 19:37:01 UTC

[jira] [Updated] (KUDU-3178) Terminate connections which have been open for long time

     [ https://issues.apache.org/jira/browse/KUDU-3178?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Alexey Serbin updated KUDU-3178:
--------------------------------
    Summary: Terminate connections which have been open for long time  (was: Terminate connections which have been open for longer than authn token expiration period)

> Terminate connections which have been open for long time
> --------------------------------------------------------
>
>                 Key: KUDU-3178
>                 URL: https://issues.apache.org/jira/browse/KUDU-3178
>             Project: Kudu
>          Issue Type: Improvement
>          Components: master, security, tserver
>            Reporter: Alexey Serbin
>            Priority: Major
>
> A Kudu client can open a connection to {{kudu-master}} or {{kudu-tserver}} and keep that connection open indefinitely by issuing some method at least once every {{--rpc_default_keepalive_time_ms}} interval (e.g., call the {{Ping()}} method).  This means there isn't a limit on how long a client can have access to the cluster once it's authenticated, unless {{kudu-master}} and {{kudu-tserver}} processes are restarted.  When fine-grained authorization is enforced, this issue is really benign because such lingering clients are unable to call any methods that require an authz token to be provided.
> It would be nice to address this by providing an option to terminate connections which were established a long time ago.  Both the interval of the maximum connection lifetime and whether to terminate over-the-TTL connections should be controlled by flags.
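
The behaviour described in the issue, as an added example that is not part of the original message and is not Kudu's code: a small C++ simulation showing that an idle (keepalive) timeout never closes a connection that keeps calling Ping(), while a maximum-lifetime check does. The types Conn and Policy, the function names, and all time values are assumptions constructed for illustration; only the keepalive flag name comes from the issue.

```cpp
#include <chrono>
#include <cstdint>

using Ms = std::chrono::milliseconds;

// Hypothetical per-connection bookkeeping (not Kudu's actual classes).
struct Conn {
  Ms established;    // when authentication completed
  Ms last_activity;  // last time any RPC (e.g. Ping()) arrived
};

// Hypothetical policy. keepalive plays the role of
// --rpc_default_keepalive_time_ms; max_lifetime is the TTL the issue
// proposes (Ms(0) means over-the-TTL termination is disabled).
struct Policy {
  Ms keepalive;
  Ms max_lifetime;
};

enum class Verdict { kKeep, kIdleTimeout, kOverTtl };

Verdict Evaluate(const Conn& c, Ms now, const Policy& p) {
  // Lifetime is measured from establishment, so client activity
  // cannot reset it the way it resets the idle timer.
  if (p.max_lifetime > Ms(0) && now - c.established >= p.max_lifetime)
    return Verdict::kOverTtl;
  if (now - c.last_activity >= p.keepalive) return Verdict::kIdleTimeout;
  return Verdict::kKeep;
}

// Simulates a client that pings every ping_every ms against a reaper
// that runs once per second. Returns the time (ms) at which the server
// closes the connection, or -1 if it is still open at the horizon.
int64_t SimulateClose(Ms ping_every, Ms horizon, const Policy& p) {
  Conn c{Ms(0), Ms(0)};
  const Ms tick(1000);
  for (Ms now = tick; now <= horizon; now += tick) {
    if (now.count() % ping_every.count() == 0) c.last_activity = now;
    if (Evaluate(c, now, p) != Verdict::kKeep) return now.count();
  }
  return -1;
}
```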


