[ https://issues.apache.org/jira/browse/OOZIE-2485?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
abhishek bafna updated OOZIE-2485: ---------------------------------- Fix Version/s: (was: trunk) 4.3.0 > Oozie client keeps trying to use expired auth token > --------------------------------------------------- > > Key: OOZIE-2485 > URL: https://issues.apache.org/jira/browse/OOZIE-2485 > Project: Oozie > Issue Type: Bug > Components: client, security > Affects Versions: trunk > Reporter: Robert Kanter > Assignee: Robert Kanter > Priority: Blocker > Fix For: 4.3.0 > > Attachments: OOZIE-2485.001.patch > > > When using Hadoop 2.4.0 or later, the Oozie client doesn't update the auth > token when it expires. The client doesn't typically give you an error > because it will still fallback and authenticate via Kerberos or Pseudo. > However, this is inefficient. > This appears to be due to HADOOP-10301, which made an incompatible change > with how the AuthHandler tells the Authenticator when a token has expired. > It used to give a 401 when the token expired, but now it will do SPNEGO (if > you have Kerberos credentials) and return a new token, all in the same call. > Oozie client's code doesn't handle that case. > With Pseudo Auth, it behaves a little differently and you now get a 403 on > that first call, but it doesn't give you a new token. -- This message was sent by Atlassian JIRA (v6.3.4#6332)