hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kan Zhang (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HADOOP-6656) Security framework needs to renew Kerberos tickets while the process is running
Date Tue, 27 Jul 2010 01:50:17 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-6656?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12892605#action_12892605
] 

Kan Zhang commented on HADOOP-6656:
-----------------------------------

getTGT() method should be replaced by or merged with SecurityUtil.getTgtFromSubject(). I don't
think getTGT() handles cross-realm case.

Shouldn't User.setLastLogin() and User.getLastLogin() be synchronized methods? In current
code, only synchronized methods in UGI use them, which is fine. But it's safer to synchronize
at User class, and not relying on users of User class to synchronize. Same for other getters
and setters in User.

hasSufficientTimeElapsed() has the side-effect of setting the last login time to now if it
returns true, which is not intuitive to me.

> Security framework needs to renew Kerberos tickets while the process is running
> -------------------------------------------------------------------------------
>
>                 Key: HADOOP-6656
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6656
>             Project: Hadoop Common
>          Issue Type: Bug
>            Reporter: Owen O'Malley
>            Assignee: Devaraj Das
>             Fix For: 0.22.0
>
>         Attachments: 6656-trunk-1.patch, 6656-trunk-2.patch, c-6656-y20-internal.patch,
refresh.patch
>
>
> While a client process is running, there should be a thread that periodically renews
the Kerberos credentials to ensure they don't expire.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message