RANGER-2007: ranger-tagsync's Kerberos ticket fails to renew
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/92bdc78f Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/92bdc78f Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/92bdc78f Branch: refs/heads/ranger-0.7 Commit: 92bdc78f3c05d92316f9d1bb1c304f374a790b89 Parents: 3d43020 Author: Abhay Kulkarni <[email protected]> Authored: Mon Mar 5 17:02:57 2018 -0800 Committer: Abhay Kulkarni <[email protected]> Committed: Wed Sep 26 16:59:41 2018 -0700 ---------------------------------------------------------------------- .../ranger/tagsync/process/TagSynchronizer.java | 33 +++++++------------- 1 file changed, 12 insertions(+), 21 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ranger/blob/92bdc78f/tagsync/src/main/java/org/apache/ranger/tagsync/process/TagSynchronizer.java ---------------------------------------------------------------------- diff --git a/tagsync/src/main/java/org/apache/ranger/tagsync/process/TagSynchronizer.java b/tagsync/src/main/java/org/apache/ranger/tagsync/process/TagSynchronizer.java index b07cd34..612dd64 100644 --- a/tagsync/src/main/java/org/apache/ranger/tagsync/process/TagSynchronizer.java +++ b/tagsync/src/main/java/org/apache/ranger/tagsync/process/TagSynchronizer.java @@ -28,7 +28,6 @@ import org.apache.log4j.Logger; import org.apache.ranger.tagsync.model.TagSink; import org.apache.ranger.tagsync.model.TagSource; -import javax.security.auth.Subject; import java.io.IOException; import java.util.ArrayList; import java.util.List; @@ -380,31 +379,23 @@ public class TagSynchronizer { if (LOG.isDebugEnabled()) { LOG.debug("Trying to get kerberos identitiy"); } - Subject subject = null; - try { - subject = SecureClientLogin.loginUserFromKeytab(principal, keytab, nameRules); - } catch(IOException exception) { - LOG.error("Could not get Subject from principal:[" + principal + "], keytab:[" + keytab + "], nameRules:[" + nameRules + "]", exception); - } UserGroupInformation kerberosIdentity; - if (subject != null) { - try { - UserGroupInformation.loginUserFromSubject(subject); - kerberosIdentity = UserGroupInformation.getLoginUser(); - if (kerberosIdentity != null) { - props.put(TagSyncConfig.TAGSYNC_KERBEROS_IDENTITY, kerberosIdentity.getUserName()); - if (LOG.isDebugEnabled()) { - LOG.debug("Got UGI, user:[" + kerberosIdentity.getUserName() + "]"); - } - ret = true; - } else { - LOG.error("KerberosIdentity is null!"); + try { + UserGroupInformation.loginUserFromKeytab(principal, keytab); + kerberosIdentity = UserGroupInformation.getLoginUser(); + if (kerberosIdentity != null) { + props.put(TagSyncConfig.TAGSYNC_KERBEROS_IDENTITY, kerberosIdentity.getUserName()); + if (LOG.isDebugEnabled()) { + LOG.debug("Got UGI, user:[" + kerberosIdentity.getUserName() + "]"); } - } catch (IOException exception) { - LOG.error("Failed to get UGI from Subject:[" + subject + "]", exception); + ret = true; + } else { + LOG.error("KerberosIdentity is null!"); } + } catch (IOException exception) { + LOG.error("Failed to get UGI from principal:[" + principal + "], and keytab:[" + keytab + "]", exception); } } else { if (LOG.isDebugEnabled()) {
