Posted to common-issues@hadoop.apache.org by "Gary Helmling (JIRA)" <ji...@apache.org> on 2016/03/01 00:59:18 UTC

[jira] [Commented] (HADOOP-9567) Provide auto-renewal for keytab based logins

    [ https://issues.apache.org/jira/browse/HADOOP-9567?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15172913#comment-15172913 ] 

Gary Helmling commented on HADOOP-9567:
---------------------------------------

I'd like to revive this issue.  Yes, the current relogin behavior upon connection failure in {{handleSaslConnectionFailure()}} works, but when you have all datanodes (or other client processes) started at the same time, this can lead to a thundering herd effect, where all processes pile on the KDC at the same time.

I think we can do better by starting a background thread (same as login from the credential cache), which will initiate a relogin after a reasonable portion of the ticket's lifetime +- some induced jitter to spread out the load.

> Provide auto-renewal for keytab based logins
> --------------------------------------------
>
>                 Key: HADOOP-9567
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9567
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 2.0.0-alpha
>            Reporter: Harsh J
>            Priority: Minor
>
> We do a renewal for cached tickets (obtained via kinit before using a Hadoop application) but we explicitly seem to avoid doing a renewal for keytab based logins (done from within the client code) when we could do that as well via a similar thread.



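The relogin timing proposed in the comment above, as an added example that is not Hadoop code and not part of the original message: it computes a relogin delay as a portion of the ticket lifetime plus or minus jitter, then compares the peak per-minute load on the KDC for processes that all logged in at the same instant. The class and method names, the 80% portion, the +-10% jitter, the 10-hour ticket and the 1000 processes are all assumptions chosen for illustration.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.HashMap;
import java.util.Map;
import java.util.Random;

public class JitteredRelogin {
    // Assumed policy, not from the issue: relogin at 80% of the ticket lifetime.
    static final double RENEW_FRACTION = 0.80;
    static final long SAFETY_MS = 60_000; // never wait past (expiry - 1 min)

    /** Milliseconds to wait from 'now' before relogin from the keytab. */
    static long reloginDelayMs(Instant start, Instant end, Instant now,
                               double jitterFraction, Random rnd) {
        long lifetime = Duration.between(start, end).toMillis();
        // Uniform offset in [-jitterFraction, +jitterFraction) of the lifetime.
        long jitter = (long) ((rnd.nextDouble() * 2 - 1) * jitterFraction * lifetime);
        Instant target = start.plusMillis((long) (RENEW_FRACTION * lifetime) + jitter);
        long delay = Duration.between(now, target).toMillis();
        long latest = Duration.between(now, end).toMillis() - SAFETY_MS;
        // Clamp: not in the past, and not after the ticket is about to expire.
        return Math.max(0, Math.min(delay, latest));
    }

    /** Highest number of relogins landing in any one-minute bucket. */
    static int peakPerMinute(int processes, double jitterFraction, long seed) {
        Instant start = Instant.parse("2016-03-01T00:00:00Z"); // constructed sample
        Instant end = start.plus(Duration.ofHours(10));        // constructed 10h ticket
        Random rnd = new Random(seed);
        Map<Long, Integer> perMinute = new HashMap<>();
        int peak = 0;
        for (int i = 0; i < processes; i++) {
            long minute = reloginDelayMs(start, end, start, jitterFraction, rnd) / 60_000;
            peak = Math.max(peak, perMinute.merge(minute, 1, Integer::sum));
        }
        return peak;
    }

    public static void main(String[] args) {
        // 1000 processes that all logged in at the same instant.
        System.out.println("no jitter, peak/min:    " + peakPerMinute(1000, 0.0, 42));
        System.out.println("+-10% jitter, peak/min: " + peakPerMinute(1000, 0.10, 42));
    }
}
```

Without jitter every process lands in the same minute; with jitter the same relogins are spread across a window of about two hours around the 80% mark.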