You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hbase.apache.org by "Steen Manniche (JIRA)" <ji...@apache.org> on 2017/06/20 18:05:00 UTC

[jira] [Created] (HBASE-18243) HBase Thrift server lacks logic for renewing kerberos tickets

Steen Manniche created HBASE-18243:
--------------------------------------

             Summary: HBase Thrift server lacks logic for renewing kerberos tickets
                 Key: HBASE-18243
                 URL: https://issues.apache.org/jira/browse/HBASE-18243
             Project: HBase
          Issue Type: Bug
          Components: Thrift
    Affects Versions: 1.1.2, 2.0.0
            Reporter: Steen Manniche
            Priority: Minor


I have been looking through the hbase-thrift code looking for where
the server performs renewals of kerberos tickets for the provided
principal/keytab. There seems to be no logic in place for renewing tickets.

The hadoop-common provides the class
UserGroupInformation, which exposes the method
{{checkTGTAndReloginFromKeytab}}. I can see that the {{ThriftServerRunner}} class
has a handle to the class
(https://github.com/apache/hbase/blob/master/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java#L205),
but I do not see the ticket renewal logic being called anywhere.

A possible workaround is to renew the ticket outside the java process.

The documentation on the {{checkTGTAndReloginFromKeytab}} states that if the ticket is still valid, a call to the method is essentially a no-op.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)