Hi Josh,
Basically anything with a Kerberos ticket could no longer communicate
with anything else after 7 days due to the default config for the Kerberos
server:
renew_lifetime = 7d

The delegation token I believe was the reason for this since it didn't have
access to the original service keytab.

However, what I want to verify is if delegation tokens play any role in
non-Kerberized clusters and if there is anything else that might inhibit
long running services in that environment.

My suspicion is probably not.  I'll continue testing.  If anyone knows
definitively, I'd love to hear about it.

Thanks!

Tim
On Mar 8, 2016 11:13 PM, "Josh Elser" <josh.el...@gmail.com> wrote:

> Hi Tim,
>
> I wish I definitively knew the current state of things, but I don't
> anymore. I agree with your assessment though -- there should be no hard
> limit (the current docs state this as requirements too,
> http://slider.incubator.apache.org/docs/security.html).
>
> Was the 7-day expiration you referred to in the Slider app-master? Or the
> application Slider was running (e.g. HBase)?
>
> Tim I wrote:
>
>> Hi all,
>>
>> My previous experience with Slider is in a Kerberized cluster using Slider
>> 0.50.  It required me to restart the apps every 7 days (due to ticket
>> expiration).
>>
>> Based on what I've read, I don't think there is anything preventing a
>> non-Kerberized cluster from running apps indefinitely.  Is that correct,
>> or am I missing something?
>>
>> I'm currently using Hadoop 2.6.0 if it matters.
>>
>> Thanks,
>>
>> Tim
>>
>>
