ramackri commented on code in PR #1030:
URL: https://github.com/apache/ranger/pull/1030#discussion_r3461259559
##########
audit-server/audit-dispatcher/dispatcher-solr/src/main/resources/conf/ranger-audit-dispatcher-solr-site.xml:
##########
@@ -175,7 +175,7 @@
<property>
<name>xasecure.audit.jaas.Client.option.useTicketCache</name>
- <value>true</value>
+ <value>false</value>
Review Comment:
Plugins / TagSync / UserSync / HDFS dispatcher → UGI keytab; no ticket cache
involved.
JAAS outbound clients (Admin Solr queries, Solr dispatcher, ingestor Kafka,
Kafka plugin) → useTicketCache=false is the correct convention for
keytab-backed daemons, but it is not hardcoded everywhere; Admin relies on
installer/site XML config.
SPNEGO acceptor → useTicketCache=true by design (acceptor role).
The Solr dispatcher was the outlier among long-running audit daemons: JAAS
client + proactive KerberosAction relogin with useTicketCache=true. RANGER-5654
aligns it with ingestor Kafka and the recommended Admin/docker postgres setting.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
