[
https://issues.apache.org/jira/browse/KUDU-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jean-Daniel Cryans updated KUDU-2264:
-------------------------------------
Code Review: https://gerrit.cloudera.org/#/c/9050/
> Java client should re-login from ticket cache when ticket is expiring
> ---------------------------------------------------------------------
>
> Key: KUDU-2264
> URL: https://issues.apache.org/jira/browse/KUDU-2264
> Project: Kudu
> Issue Type: Improvement
> Components: client, java, security
> Affects Versions: 1.3.1, 1.4.0, 1.5.0, 1.6.0
> Reporter: Todd Lipcon
> Assignee: Todd Lipcon
> Priority: Critical
>
> Currently, if the Kudu client is used from a thread that has no JAAS Subject
> with Kerberos credentials, it will log in from the user's ticket cache (in a
> configurable location).
> However, if that original ticket expires, then the client will never re-read
> the ticket cache. Instead, it will start to get authentication failures, even
> if the underlying ticket cache on disk has been updated with new credentials.
> This causes big issues in Impala -- Impala starts a thread which reacquires
> tickets from its keytab and writes them into its ticket cache, but with
> existing versions of Kudu, the client won't pick up these new tickets. Impala
> also currently caches Kudu clients "forever". So, after 30 days (or whatever
> the ticket lifetime is), Impala will become unable to query Kudu.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
