You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Gary Helmling (JIRA)" <ji...@apache.org> on 2016/03/25 01:03:25 UTC
[jira] [Updated] (HADOOP-9567) Provide auto-renewal for keytab
based logins
[ https://issues.apache.org/jira/browse/HADOOP-9567?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gary Helmling updated HADOOP-9567:
----------------------------------
Attachment: HADOOP-9567.branch-2.7.001.patch
This patch changes UserGroupInformation to launch a background thread to relogin when logged in from a keytab. The patch is against branch-2.7, as that is where I have been testing. I can follow up with a patch against trunk.
This also makes the background thread more resilient to login failures, and adds the ability to explicitly stop the background thread for both keytab and credential cache based logins.
The frequency of update checks is configured via a new property "hadoop.user.ticket.renewal.interval". Setting this to <= 0 disables the background thread from launching.
> Provide auto-renewal for keytab based logins
> --------------------------------------------
>
> Key: HADOOP-9567
> URL: https://issues.apache.org/jira/browse/HADOOP-9567
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.0.0-alpha
> Reporter: Harsh J
> Assignee: Gary Helmling
> Priority: Minor
> Attachments: HADOOP-9567.branch-2.7.001.patch
>
>
> We do a renewal for cached tickets (obtained via kinit before using a Hadoop application) but we explicitly seem to avoid doing a renewal for keytab based logins (done from within the client code) when we could do that as well via a similar thread.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)