[jira] [Commented] (HADOOP-9567) Provide auto-renewal for keytab based logins

Thu, 23 Aug 2018 16:33:44 -0700 


    [ 
https://issues.apache.org/jira/browse/HADOOP-9567?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16590932#comment-16590932
 ] 

Hrishikesh Gadre commented on HADOOP-9567:
------------------------------------------

[~ghelmling] Are you planning to work on this jira? If not, I would like to 
assign it to myself. I have attached a patch against trunk (File: 
HADOOP-9567-001.patch) using your patch as a reference.

This patch implements
 * A property to enable/disable auto-renewal for keytab based logins. By 
default the auto renewal is disabled for backwards compatibility.
 * Changed the implementation to use ExecutorService (instead of Thread) so as 
to facilitate the shutdown when the user logs out.
 * The current implementation for ticket cache based renewal spawns the thread 
as part of the getLoginUser() API in UGI class. This doesn't work for keytab 
based logins since loginUser reference is already initialized as part of the 
earlier invocation of loginByKeytab API. Hence for keytab based logins, the 
logic to spawn auto-renewal thread is implemented in loginByKeytab API.
 * New unit tests are added for this functionality as well as updated existing 
tests whenever necessary.

[~daryn] could you please review this patch as you have made changes in this 
area recently ?

> Provide auto-renewal for keytab based logins
> --------------------------------------------
>
>                 Key: HADOOP-9567
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9567
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 2.0.0-alpha
>            Reporter: Harsh J
>            Assignee: Gary Helmling
>            Priority: Minor
>         Attachments: HADOOP-9567-001.patch, HADOOP-9567.branch-2.7.001.patch
>
>
> We do a renewal for cached tickets (obtained via kinit before using a Hadoop 
> application) but we explicitly seem to avoid doing a renewal for keytab based 
> logins (done from within the client code) when we could do that as well via a 
> similar thread.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

Reply via email to