You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by "Steve Loughran (JIRA)" <ji...@apache.org> on 2016/02/05 16:43:39 UTC

[jira] [Created] (HADOOP-12770) KMSClientProvider addDelegationTokens won't add if the credentials contain an expired one

Steve Loughran created HADOOP-12770:
---------------------------------------

             Summary: KMSClientProvider addDelegationTokens won't add if the credentials contain an expired one
                 Key: HADOOP-12770
                 URL: https://issues.apache.org/jira/browse/HADOOP-12770
             Project: Hadoop Common
          Issue Type: Bug
          Components: security
    Affects Versions: 2.8.0
            Reporter: Steve Loughran


{{KMSClientProvider addDelegationTokens}} adds delegation tokens —but skips that step if the provided credentials already have one for the service.

There is no check to see if the existing one is actually valid; if the credentials have an expired one, then you don't get a new token.

There is a workaround: caller has to filter token list and strip out expired tokens. But to do that, they need to know this issue exists.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)