[jira] [Commented] (HDFS-3608) fuse_dfs: detect changes in UID ticket cache

Thu, 19 Jul 2012 10:36:36 -0700 

    [ 
https://issues.apache.org/jira/browse/HDFS-3608?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13418484#comment-13418484
 ] 

Aaron T. Myers commented on HDFS-3608:
--------------------------------------

bq. I tested with a Kerberos configuration and I did kinit and kdestroy.

Did you kdestroy/kinit as a different user? Did you confirm that the new ticket 
cache is used after the second kinit?
                
> fuse_dfs: detect changes in UID ticket cache
> --------------------------------------------
>
>                 Key: HDFS-3608
>                 URL: https://issues.apache.org/jira/browse/HDFS-3608
>             Project: Hadoop HDFS
>          Issue Type: Bug
>    Affects Versions: 2.1.0-alpha
>            Reporter: Colin Patrick McCabe
>            Assignee: Colin Patrick McCabe
>            Priority: Minor
>         Attachments: HDFS-3608.004.patch, HDFS-3608.006.patch, 
> HDFS-3608.007.patch, HDFS-3608.008.patch
>
>
> Currently in fuse_dfs, if one kinits as some principal "foo" and then does 
> some operation on fuse_dfs, then kdestroy and kinit as some principal "bar", 
> subsequent operations done via fuse_dfs will still use cached credentials for 
> "foo". The reason for this is that fuse_dfs caches Filesystem instances using 
> the UID of the user running the command as the key into the cache.  This is a 
> very uncommon scenario, since it's pretty uncommon for a single user to want 
> to use credentials for several different principals on the same box.
> However, we can use inotify to detect changes in the Kerberos ticket cache 
> file and force the next operation to create a new FileSystem instance in that 
> case.  This will also require a reference counting mechanism in fuse_dfs so 
> that we can free the FileSystem classes when they refer to previous Kerberos 
> ticket caches.
> Another mechanism is to run a stat periodically on the ticket cache file.  
> This is a good fallback mechanism if inotify does not work on the file (for 
> example, because it's on an NFS mount.)

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to