[jira] [Commented] (HDFS-3608) fuse_dfs: detect changes in UID ticket cache

[Colin Patrick McCabe (JIRA)]

    [ 
https://issues.apache.org/jira/browse/HDFS-3608?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13409988#comment-13409988
 ] 

Colin Patrick McCabe commented on HDFS-3608:
--------------------------------------------

I guess another way to do this would be to have a timer go off every minute or 
so causing the ticket cache files to be marked as "must stat next time."  Of 
course the timer should only be armed when there is actually something in the 
cache in the first place.  That would actually be a reasonable way to do it.  
As a bonus, we could finally dispose of the memory in FileSystem objects after 
a while (something we do not currently do-- even after being used once, they'll 
exist forever right now.)
                
> fuse_dfs: detect changes in UID ticket cache
> --------------------------------------------
>
>                 Key: HDFS-3608
>                 URL: https://issues.apache.org/jira/browse/HDFS-3608
>             Project: Hadoop HDFS
>          Issue Type: Bug
>    Affects Versions: 2.0.1-alpha
>            Reporter: Colin Patrick McCabe
>            Assignee: Colin Patrick McCabe
>            Priority: Minor
>
> Currently in fuse_dfs, if one kinits as some principal "foo" and then does 
> some operation on fuse_dfs, then kdestroy and kinit as some principal "bar", 
> subsequent operations done via fuse_dfs will still use cached credentials for 
> "foo". The reason for this is that fuse_dfs caches Filesystem instances using 
> the UID of the user running the command as the key into the cache.  This is a 
> very uncommon scenario, since it's pretty uncommon for a single user to want 
> to use credentials for several different principals on the same box.
> However, we can use inotify to detect changes in the Kerberos ticket cache 
> file and force the next operation to create a new FileSystem instance in that 
> case.  This will also require a reference counting mechanism in fuse_dfs so 
> that we can free the FileSystem classes when they refer to previous Kerberos 
> ticket caches.
> Another mechanism is to run a stat periodically on the ticket cache file.  
> This is a good fallback mechanism if inotify does not work on the file (for 
> example, because it's on an NFS mount.)

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira