You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@kudu.apache.org by "Tim Armstrong (Code Review)" <ge...@cloudera.org> on 2020/03/10 21:19:42 UTC
[kudu-CR] KUDU-3050: recover from corrupt kerberos ccache
Hello Tidy Bot, Kudu Jenkins, Adar Dembo,
I'd like you to reexamine a change. Please visit
http://gerrit.cloudera.org:8080/15394
to look at the new patch set (#4).
Change subject: KUDU-3050: recover from corrupt kerberos ccache
......................................................................
KUDU-3050: recover from corrupt kerberos ccache
This handles two failure modes:
* krb5_cc_start_seq_get() can fail if the kerberos credential cache gets
corrupted on disk, e.g. is truncated.
* the renewal can fail to find a credential in the credential cache,
either if it is missing or the renewal thread hits an error while
reading through credentials.
Also add some additional logging and limit the max backoff time
to make it easier to debug other kinds of renewal errors.
Test:
Add a test that exercises the recovery logic after truncating
the credential cache. The test failed before this change.
Change-Id: I2d6e06c3ea65708896a6bf0134cc84838b3f1b58
---
M src/kudu/integration-tests/security-itest.cc
M src/kudu/security/init.cc
A src/kudu/security/kinit_context.h
M src/kudu/security/test/mini_kdc.cc
M src/kudu/security/test/mini_kdc.h
5 files changed, 191 insertions(+), 62 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/94/15394/4
--
To view, visit http://gerrit.cloudera.org:8080/15394
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I2d6e06c3ea65708896a6bf0134cc84838b3f1b58
Gerrit-Change-Number: 15394
Gerrit-PatchSet: 4
Gerrit-Owner: Tim Armstrong <ta...@cloudera.com>
Gerrit-Reviewer: Adar Dembo <ad...@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Reviewer: Tidy Bot (241)