hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kan Zhang (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HADOOP-6656) Security framework needs to renew Kerberos tickets while the process is running
Date Tue, 27 Jul 2010 19:34:16 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-6656?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12892904#action_12892904
] 

Kan Zhang commented on HADOOP-6656:
-----------------------------------

Sorry, I now see why you didn't use SecurityUtil.getTgtFromSubject() in the first place. You
already have a "subject" to work with. For this reason I think it's better to use your original
code, since I'm not sure what your AccessControlContext is when you call getTgtFromSubject().
But I like your way of figuring out whether a ticket is an original TGT. Is it possible to
share that logic with SecurityUtil.isOriginalTgt()?

Otherwise, +1 for the patch.

> Security framework needs to renew Kerberos tickets while the process is running
> -------------------------------------------------------------------------------
>
>                 Key: HADOOP-6656
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6656
>             Project: Hadoop Common
>          Issue Type: Bug
>            Reporter: Owen O'Malley
>            Assignee: Devaraj Das
>             Fix For: 0.22.0
>
>         Attachments: 6656-trunk-1.patch, 6656-trunk-2.patch, 6656-trunk-3.patch, c-6656-y20-internal.patch,
refresh.patch
>
>
> While a client process is running, there should be a thread that periodically renews
the Kerberos credentials to ensure they don't expire.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message