[ https://issues.apache.org/jira/browse/HDFS-2785?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13199780#comment-13199780 ]
Robert Joseph Evans commented on HDFS-2785: ------------------------------------------- I agree that checkTGTAndReloginFromKeytab is not really necessary, and I am fine with switching it. However, If you look at UserGroupInformation.java on trunk checkTGTAndReloginFromKeytab is the following {code} public synchronized void checkTGTAndReloginFromKeytab() throws IOException { if (!isSecurityEnabled() || user.getAuthenticationMethod() != AuthenticationMethod.KERBEROS || !isKeytab) return; KerberosTicket tgt = getTGT(); if (tgt != null && System.currentTimeMillis() < getRefreshTime(tgt)) { return; } reloginFromKeytab(); } {code} But a few lines down on line 697 inside reloginFromKeytab() we have the exact same check. {code} KerberosTicket tgt = getTGT(); //Return if TGT is valid and is not going to expire soon. if (tgt != null && now < getRefreshTime(tgt)) { return; } {code} and sorry if my explanation was confusing before about being consistent with HFTP. I made the change to be consistent with the version of HFTP from HDFS-2784, which was just merged to trunk. In that case getDelegationToken() and renew() call reloginFromKeytab(), and cancel() calls checkTGTAndReloginFromKeytab(). Which is what the attached patch causes WebHDFS to do as well. If you still want me to change it then please let me know so I can update the patch and rerun my tests. > Update webhdfs and httpfs for host-based token support > ------------------------------------------------------ > > Key: HDFS-2785 > URL: https://issues.apache.org/jira/browse/HDFS-2785 > Project: Hadoop HDFS > Issue Type: Sub-task > Components: name-node, security > Affects Versions: 0.24.0, 0.23.1 > Reporter: Daryn Sharp > Assignee: Robert Joseph Evans > Attachments: HDFS-2785.txt > > > Need to port 205 tokens into these filesystems. Will mainly involve ensuring > code duplicated from hftp is updated accordingly. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira