You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Steve Loughran (JIRA)" <ji...@apache.org> on 2016/02/05 16:43:39 UTC
[jira] [Created] (HADOOP-12770) KMSClientProvider
addDelegationTokens won't add if the credentials contain an expired one
Steve Loughran created HADOOP-12770:
---------------------------------------
Summary: KMSClientProvider addDelegationTokens won't add if the credentials contain an expired one
Key: HADOOP-12770
URL: https://issues.apache.org/jira/browse/HADOOP-12770
Project: Hadoop Common
Issue Type: Bug
Components: security
Affects Versions: 2.8.0
Reporter: Steve Loughran
{{KMSClientProvider addDelegationTokens}} adds delegation tokens —but skips that step if the provided credentials already have one for the service.
There is no check to see if the existing one is actually valid; if the credentials have an expired one, then you don't get a new token.
There is a workaround: caller has to filter token list and strip out expired tokens. But to do that, they need to know this issue exists.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)