[jira] [Commented] (HDFS-2785) Update webhdfs and httpfs for host-based token support

Fri, 03 Feb 2012 07:38:16 -0800 

    [ 
https://issues.apache.org/jira/browse/HDFS-2785?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13199780#comment-13199780
 ] 

Robert Joseph Evans commented on HDFS-2785:
-------------------------------------------

I agree that checkTGTAndReloginFromKeytab is not really necessary, and I am 
fine with switching it.  However, If you look at UserGroupInformation.java on 
trunk checkTGTAndReloginFromKeytab is the following

{code}
public synchronized void checkTGTAndReloginFromKeytab() throws IOException {
  if (!isSecurityEnabled()
      || user.getAuthenticationMethod() != AuthenticationMethod.KERBEROS
      || !isKeytab)
    return;
  KerberosTicket tgt = getTGT();
  if (tgt != null && System.currentTimeMillis() < getRefreshTime(tgt)) {
    return;
  }
  reloginFromKeytab();
}
{code}
But a few lines down on line 697 inside reloginFromKeytab() we have the exact 
same check.
{code}
KerberosTicket tgt = getTGT();
//Return if TGT is valid and is not going to expire soon.
if (tgt != null && now < getRefreshTime(tgt)) {
  return;
}
{code}

and sorry if my explanation was confusing before about being consistent with 
HFTP. I made the change to be consistent with the version of HFTP from 
HDFS-2784, which was just merged to trunk.  In that case getDelegationToken() 
and renew() call reloginFromKeytab(), and cancel() calls 
checkTGTAndReloginFromKeytab(). Which is what the attached patch causes WebHDFS 
to do as well.

If you still want me to change it then please let me know so I can update the 
patch and rerun my tests.
                
> Update webhdfs and httpfs for host-based token support
> ------------------------------------------------------
>
>                 Key: HDFS-2785
>                 URL: https://issues.apache.org/jira/browse/HDFS-2785
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>          Components: name-node, security
>    Affects Versions: 0.24.0, 0.23.1
>            Reporter: Daryn Sharp
>            Assignee: Robert Joseph Evans
>         Attachments: HDFS-2785.txt
>
>
> Need to port 205 tokens into these filesystems.  Will mainly involve ensuring 
> code duplicated from hftp is updated accordingly.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to