accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ACCUMULO-4069) Services failing to renew Kerberos ticket
Date Thu, 03 Dec 2015 06:57:11 GMT

    [ https://issues.apache.org/jira/browse/ACCUMULO-4069?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15037394#comment-15037394
] 

ASF GitHub Bot commented on ACCUMULO-4069:
------------------------------------------

GitHub user joshelser opened a pull request:

    https://github.com/apache/accumulo/pull/57

    ACCUMULO-4069 Ensure Kerberos relogins occur on server side and clien…

    …t side.
    
    Changes for 1.7 and 1.8. If we want to land in 1.6, we'll have to rip out a lot of stuff
that just doesn't exist (I think a cherrypick merge -sours would just be easier).
    
    I know much of this is probably greek. I tried to make lots of good comments which describe
what's happening and why we need to make these additions. I'd welcome feedback where context
is lacking.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/joshelser/accumulo ACCUMULO-4069-krb-renewal

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/accumulo/pull/57.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #57
    
----
commit 3d7e874a7d522b0bb398b5848d3f6e941df0b970
Author: Josh Elser <elserj@apache.org>
Date:   2015-12-03T06:53:27Z

    ACCUMULO-4069 Ensure Kerberos relogins occur on server side and client side.

----


> Services failing to renew Kerberos ticket
> -----------------------------------------
>
>                 Key: ACCUMULO-4069
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-4069
>             Project: Accumulo
>          Issue Type: Bug
>          Components: gc, master, monitor, tserver
>    Affects Versions: 1.5.4, 1.6.4, 1.7.0
>            Reporter: Josh Elser
>            Assignee: Josh Elser
>            Priority: Blocker
>              Labels: kerberos
>             Fix For: 1.6.5, 1.7.1, 1.8.0
>
>
> Got a report from a user that Accumulo services were dying after a period of time that
was suspiciously similar to the Kerberos ticket lifetime.
> A Kerberos ticket lifetime is the amount of time that the ticket is valid (obtained from
password or keytab). There is also a renewable lifetime associate with each ticket. Within
the renewable lifetime duration, clients can "renew" their ticket for another "ticket lifetime"
duration. For each, a lifetime of one day and a renewable lifetime of seven days: a ticket
is valid for one day, but clients can renew that ticket up to 6 days after the original ticket
expires.
> I do recall seeing a line of code in our services that has a comment saying it should
spawn a thread specifically for this purpose, but I don't ever recall seeing that thread in
thread dumps. My hunch is that the thread just isn't getting launched and we're not doing
renewals



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message