[ https://issues.apache.org/jira/browse/KUDU-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jean-Daniel Cryans updated KUDU-2264: ------------------------------------- Code Review: https://gerrit.cloudera.org/#/c/9050/ > Java client should re-login from ticket cache when ticket is expiring > --------------------------------------------------------------------- > > Key: KUDU-2264 > URL: https://issues.apache.org/jira/browse/KUDU-2264 > Project: Kudu > Issue Type: Improvement > Components: client, java, security > Affects Versions: 1.3.1, 1.4.0, 1.5.0, 1.6.0 > Reporter: Todd Lipcon > Assignee: Todd Lipcon > Priority: Critical > > Currently, if the Kudu client is used from a thread that has no JAAS Subject > with Kerberos credentials, it will log in from the user's ticket cache (in a > configurable location). > However, if that original ticket expires, then the client will never re-read > the ticket cache. Instead, it will start to get authentication failures, even > if the underlying ticket cache on disk has been updated with new credentials. > This causes big issues in Impala -- Impala starts a thread which reacquires > tickets from its keytab and writes them into its ticket cache, but with > existing versions of Kudu, the client won't pick up these new tickets. Impala > also currently caches Kudu clients "forever". So, after 30 days (or whatever > the ticket lifetime is), Impala will become unable to query Kudu. -- This message was sent by Atlassian JIRA (v7.6.3#76005)