[
https://issues.apache.org/jira/browse/HADOOP-13255?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15326123#comment-15326123
]
Xiaoyu Yao commented on HADOOP-13255:
-------------------------------------
Thanks [~xiaochen] for working on this and [~zhz] for the review. I would
suggest we fix with the approach in v1 patch.
1. V1 patch is less ricky. All the change is localized to KMSCientProvider
compared with broader change in DelegationTokenAuthenticator or
KerberosAuthenticator.
2. V2 patch below won't be able to handle the proxy user and token user cases
as the currentUGI is not sufficient for these cases. There are a few fixes
around KMSClientProvider#actualUGI to make this right. You can refer to how
actualUGI is initialized in KMSClientProvider#KMSClientProvider().
{code}
UserGroupInformation.getCurrentUser().checkTGTAndReloginFromKeytab();
{code}
> KMSClientProvider should check and renew tgt when doing delegation token
> operations.
> ------------------------------------------------------------------------------------
>
> Key: HADOOP-13255
> URL: https://issues.apache.org/jira/browse/HADOOP-13255
> Project: Hadoop Common
> Issue Type: Bug
> Components: kms
> Reporter: Xiao Chen
> Assignee: Xiao Chen
> Attachments: HADOOP-13255.01.patch, HADOOP-13255.02.patch
>
>
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
