[ https://issues.apache.org/jira/browse/KUDU-3178?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Alexey Serbin updated KUDU-3178:
--------------------------------
    Summary: Terminate connections which have been open for long time  (was: 
Terminate connections which have been open for longer than authn token 
expiration period)

> Terminate connections which have been open for long time
> --------------------------------------------------------
>
>                 Key: KUDU-3178
>                 URL: https://issues.apache.org/jira/browse/KUDU-3178
>             Project: Kudu
>          Issue Type: Improvement
>          Components: master, security, tserver
>            Reporter: Alexey Serbin
>            Priority: Major
>
> A Kudu client can open a connection to {{kudu-master}} or {{kudu-tserver}} 
> and keep that connection open indefinitely by issuing some method at least 
> once every {{\-\-rpc_default_keepalive_time_ms}} interval (e.g., call 
> {{Ping()}} method).  This means there isn't a limit on how long a client can 
> have access to the cluster once it's authenticated, unless {{kudu-master}} and 
> {{kudu-tserver}} processes are restarted.  When fine-grained authorization is 
> enforced, this issue is really benign because such lingering clients are 
> unable to call any methods that require authz token to be provided.
> It would be nice to address this by providing an option to terminate 
> connections which were established a long time ago.  Both the interval of the 
> maximum connection lifetime and whether to terminate over-the-TTL connections 
> should be controlled by flags.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
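
The behaviour described in the issue, as an added example that is not Kudu code and not part of the original message: a reaper that only checks idleness never closes a connection that is pinged inside the keepalive window, while an age check against a maximum lifetime does. The struct, field and function names and the millisecond values are assumptions made for illustration; only `--rpc_default_keepalive_time_ms` comes from the issue text.

```cpp
#include <cstdint>
#include <iostream>

// Hypothetical model of one server-side connection (not a Kudu type).
struct Conn {
  int64_t established_ms;  // when the connection was negotiated/authenticated
  int64_t last_active_ms;  // last RPC seen on it; a Ping() counts
};

// Hypothetical policy: the idle timeout plays the role of
// --rpc_default_keepalive_time_ms; the other two fields stand in for the
// flags the issue proposes (their real names are not given on the page).
struct ReaperPolicy {
  int64_t keepalive_ms;
  bool enforce_max_lifetime;
  int64_t max_lifetime_ms;
};

enum class Verdict { kKeep, kCloseIdle, kCloseOverTtl };

// Age is measured from establishment, so client activity cannot reset it.
Verdict Evaluate(const Conn& c, const ReaperPolicy& p, int64_t now_ms) {
  if (p.enforce_max_lifetime && now_ms - c.established_ms >= p.max_lifetime_ms)
    return Verdict::kCloseOverTtl;
  if (now_ms - c.last_active_ms >= p.keepalive_ms) return Verdict::kCloseIdle;
  return Verdict::kKeep;
}

// Simulates a client that calls Ping() every ping_interval_ms, with the reaper
// evaluating the connection just before each ping arrives. Returns the time at
// which the server closes the connection, or -1 if it survives to horizon_ms.
int64_t SimulatePingingClient(const ReaperPolicy& p, int64_t ping_interval_ms,
                              int64_t horizon_ms) {
  Conn c{0, 0};
  for (int64_t now = ping_interval_ms; now <= horizon_ms; now += ping_interval_ms) {
    if (Evaluate(c, p, now) != Verdict::kKeep) return now;
    c.last_active_ms = now;  // the ping refreshes the idle timer only
  }
  return -1;
}

int main() {
  const int64_t kWeekMs = 7LL * 24 * 3600 * 1000;  // constructed sample values
  ReaperPolicy idle_only{65000, false, 0};
  ReaperPolicy with_ttl{65000, true, 3600000};
  std::cout << "idle-only reaper closes at: "
            << SimulatePingingClient(idle_only, 30000, kWeekMs) << " ms\n";
  std::cout << "max-lifetime reaper closes at: "
            << SimulatePingingClient(with_ttl, 30000, kWeekMs) << " ms\n";
  return 0;
}
```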
