Posted to user@hbase.apache.org by Paramesh Nc <pa...@gmail.com> on 2016/12/27 17:38:17 UTC

What is the difference between relogInFromKeyTab and renewal of Kerberos ticket?

Dear All,

I am running a program which fetches the records from the secured
(Kerberized) HBase.

And the user principal I am using in my program has a maximum life of 30 seconds
and a maximum renewal life of 1 minute.

And I am actually doing an experiment in the test program to understand how
auto renewal works in Hadoop.

When I am making the thread sleep for one minute before fetching the
records, it is able to fetch the records.

My question is here, even though auto renewal of the ticket is working fine.

Since the maximum renewable lifetime is 1 minute, when I make the thread
sleep for a minute and then fetch the records, it is still able to fetch the
records. How is this possible, as it violates the basic definition of
the maximum renewable lifetime of a ticket?

Is it because whenever it performs the reloginFromKeyTab before making an
RPC call, the lifetime of the ticket is getting refreshed and advanced to a
future time, i.e. the current renewal time + maximum lifetime?

And what is the difference between renewal of a ticket and reloginFromKey?

Thanks in Advance,

Param.

Re: What is the difference between relogInFromKeyTab and renewal of Kerberos ticket?

Posted by Sean Busbey <bu...@cloudera.com>.
That's correct, it works because after the initial attempt to use the
token fails (due to the timeout and the renewal timeout), a new
Kerberos login using the keytab is initiated for the request.

For the difference: "renewal of ticket" is an action that happens
within the Kerberos protocol using a token within that protocol to ask
for the authorization to be extended for more time; "reloginFromKey"
initiates a new Kerberos ticket request (when needed) to get an access
token.

This talk from our Josh Elser at HBaseCon East 2016 provides a good
overview of Kerberos in general and its use in Hadoop / HBase:

https://youtu.be/bJh6m5Od3jE



On Tue, Dec 27, 2016 at 11:38 AM, Paramesh Nc <pa...@gmail.com> wrote:
> Dear All,
>
> I am running a program which fetches the records from the secured
> (Kerberized) HBase.
>
> And the user principal I am using in my program has a maximum life of 30 seconds
> and a maximum renewal life of 1 minute.
>
> And I am actually doing an experiment in the test program to understand how
> auto renewal works in Hadoop.
>
> When I am making the thread sleep for one minute before fetching the
> records, it is able to fetch the records.
>
> My question is here, even though auto renewal of the ticket is working fine.
>
> Since the maximum renewable lifetime is 1 minute, when I make the thread
> sleep for a minute and then fetch the records, it is still able to fetch the
> records. How is this possible, as it violates the basic definition of
> the maximum renewable lifetime of a ticket?
>
> Is it because whenever it performs the reloginFromKeyTab before making an
> RPC call, the lifetime of the ticket is getting refreshed and advanced to a
> future time, i.e. the current renewal time + maximum lifetime?
>
> And what is the difference between renewal of a ticket and reloginFromKey?
>
> Thanks in Advance,
>
> Param.



-- 
busbey
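
The distinction discussed in this thread, as an added example that is not part of the original messages and is not Hadoop or HBase code: a simplified Python model of ticket issuance using the 30-second lifetime and 1-minute renewable life from the question. The function names and the renew-else-relogin client policy are assumptions made for illustration.

```python
from dataclasses import dataclass

MAX_LIFE = 30    # seconds: ticket lifetime from the question
MAX_RENEW = 60   # seconds: maximum renewable life from the question


class TicketError(Exception):
    """Raised when the modelled KDC refuses a renewal."""


@dataclass(frozen=True)
class Tgt:
    auth_time: int   # when the keytab login (initial authentication) happened
    end: int         # ticket is unusable at or after this time
    renew_till: int  # hard ceiling that renewal can never move


def login_from_keytab(now):
    """New initial authentication with the long-term key: all clocks restart."""
    return Tgt(auth_time=now, end=now + MAX_LIFE, renew_till=now + MAX_RENEW)


def renew(tgt, now):
    """Renewal presents the still-valid TGT; only 'end' moves, capped at renew_till."""
    if now >= tgt.end:
        raise TicketError("ticket already expired, nothing left to renew")
    return Tgt(tgt.auth_time, min(now + MAX_LIFE, tgt.renew_till), tgt.renew_till)


def ensure_valid(tgt, now, events):
    """Assumed client policy: try renewal first, fall back to a keytab login."""
    try:
        tgt = renew(tgt, now)
        events.append((now, "renew", tgt.end))
    except TicketError:
        tgt = login_from_keytab(now)
        events.append((now, "relogin", tgt.end))
    return tgt


def simulate(request_times):
    """Log in at t=0, then make one request at each given time (seconds)."""
    events = []
    tgt = login_from_keytab(0)
    for now in request_times:
        tgt = ensure_valid(tgt, now, events)
    return events
```

With requests spaced one minute apart, as in the question, every request finds an expired ticket and is served by a fresh keytab login, so the renewable-life ceiling of the first ticket is never violated.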