accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Josh Elser (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ACCUMULO-4493) Shell should be able to use keytab login
Date Mon, 10 Oct 2016 22:28:20 GMT

    [ https://issues.apache.org/jira/browse/ACCUMULO-4493?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15563735#comment-15563735
] 

Josh Elser commented on ACCUMULO-4493:
--------------------------------------

bq. Do you know if it's possible to renew outside the shell process to get things going again
for a long-running shell?

It.. should be. I don't think I've ever tried to do this, but we should have access to the
ticket cache (either in the default location or via the {{KRB5CCNAME}} environment variable),
which should be all that we need. There is a call {{UserGroupInformation#reloginFromTicketCache()}},
but I'm not sure how (if at all) UGI would know about the ticket in the ticket cache (from
the kinit). Might be some sort of disconnect since it's essentially found automatically by
JAAS (instead of explicitly logged-in by the Accumulo shell).

bq. Users should be able to launch the shell in a kerberos deployment using a keytab.

So really, we're just adding another argument to the shell to let the user provide a keytab
and then do a normal login+renewal? Makes sense.

> Shell should be able to use keytab login
> ----------------------------------------
>
>                 Key: ACCUMULO-4493
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-4493
>             Project: Accumulo
>          Issue Type: New Feature
>          Components: shell
>            Reporter: Sean Busbey
>            Priority: Minor
>             Fix For: 2.0.0
>
>
> Users should be able to launch the shell in a kerberos deployment using a keytab.
> current workaround: use the system shell to kinit with the keytab, then launch the shell,
then kdestroy
> Workaround doesn't allow re-login from keytab for long running shell.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message