> On 10 Mar 2016, at 16:42, Tim I wrote:
>
> Jon,
>
> That's consistent with my experience:
>
> From a kerberos prespective, you can renew a ticket within the renewal
> window (default 24 hours I think)
>
> You can only renew the ticket up to the KDC's setting for 'renew_lifetime'
> (which I
Jon,
That's consistent with my experience:
>From a kerberos prespective, you can renew a ticket within the renewal
window (default 24 hours I think)
You can only renew the ticket up to the KDC's setting for 'renew_lifetime'
(which I believe defaults to 7 days). After that point, you need a new
On Mar 9, 2016, at 11:19 PM, Josh Elser
mailto:josh.el...@gmail.com>> wrote:
Aww, thanks for the kind words to close it out :). Glad to hear it's worked
well for you.
Just to share some Kerberos knowledge (and dispel any misinformation), any
application which stops working after the default t
Aww, thanks for the kind words to close it out :). Glad to hear it's
worked well for you.
Just to share some Kerberos knowledge (and dispel any misinformation),
any application which stops working after the default ticket lifetime is
"doing it wrong" (tm). Like Steve pointed out, this is why r
Great! Thank you all.
Regarding 0.50, it's been a while, but I recall back porting a couple of
fixes to get my cluster up. IIRC, that was primarily related to kerberos
fixes for instantiating the cluster.
In 0.50 (+ the patches) accumulo and storm required a restart after 7
days. Barring that
> On 9 Mar 2016, at 13:59, Jon Maron wrote:
>
>>
>> On Mar 8, 2016, at 11:36 PM, Tim I wrote:
>>
>> Hi Josh,
>> Basically anything with a kerberos ticket could no longer could communicate
>> with anything else after 7 days due to the default config for the kerberos
>> server :
>> renew_lifeti
> On Mar 8, 2016, at 11:36 PM, Tim I wrote:
>
> Hi Josh,
> Basically anything with a kerberos ticket could no longer could communicate
> with anything else after 7 days due to the default config for the kerberos
> server :
> renew_lifetime = 7d
>
> The delegation token I believe was the reason
Hi Josh,
Basically anything with a kerberos ticket could no longer could communicate
with anything else after 7 days due to the default config for the kerberos
server :
renew_lifetime = 7d
The delegation token I believe was the reason for this since it didn't have
access to the original service ke
Hi Tim,
I wish I definitively knew the current state of things, but I don't
anymore. I agree with your assessment though -- there should be no hard
limit (the current docs state this as requirements too,
http://slider.incubator.apache.org/docs/security.html).
Was the 7-day expiration you ref
Hi all,
My previous experience with Slider is in a Kerberized cluster using Slider
0.50.. It required me to restart the apps every 7 days (due to ticket
expiration).
Based on what I've read, I don't think there is anything preventing a
non-Kerberized cluster from running apps indefinitely. Is t
10 matches
Mail list logo
