You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hbase.apache.org by "Steen Manniche (JIRA)" <ji...@apache.org> on 2017/06/20 18:05:00 UTC
[jira] [Created] (HBASE-18243) HBase Thrift server lacks logic for
renewing kerberos tickets
Steen Manniche created HBASE-18243:
--------------------------------------
Summary: HBase Thrift server lacks logic for renewing kerberos tickets
Key: HBASE-18243
URL: https://issues.apache.org/jira/browse/HBASE-18243
Project: HBase
Issue Type: Bug
Components: Thrift
Affects Versions: 1.1.2, 2.0.0
Reporter: Steen Manniche
Priority: Minor
I have been looking through the hbase-thrift code looking for where
the server performs renewals of kerberos tickets for the provided
principal/keytab. There seems to be no logic in place for renewing tickets.
The hadoop-common provides the class
UserGroupInformation, which exposes the method
{{checkTGTAndReloginFromKeytab}}. I can see that the {{ThriftServerRunner}} class
has a handle to the class
(https://github.com/apache/hbase/blob/master/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java#L205),
but I do not see the ticket renewal logic being called anywhere.
A possible workaround is to renew the ticket outside the java process.
The documentation on the {{checkTGTAndReloginFromKeytab}} states that if the ticket is still valid, a call to the method is essentially a no-op.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)