hadoop-common-issues mailing list archives

From "Benoy Antony (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-12332) UserGroupInformation.reloginFromKeytab() timeout can leave UGI in unusable state
Date Thu, 20 Aug 2015 19:54:45 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-12332?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14705651#comment-14705651 ]

Benoy Antony commented on HADOOP-12332:
---------------------------------------

The decision to prevent immediate reLogin is per design. This is especially desirable under
error scenarios like heavy load or expired keytab.
{code}
  private boolean hasSufficientTimeElapsed(long now) {
    if (now - user.getLastLogin() < kerberosMinSecondsBeforeRelogin ) {
      LOG.warn("Not attempting to re-login since the last re-login was " +
          "attempted less than " + (kerberosMinSecondsBeforeRelogin/1000) +
          " seconds before.");
      return false;
    }
    return true;
  }
{code}

> UserGroupInformation.reloginFromKeytab() timeout can leave UGI in unusable state
> --------------------------------------------------------------------------------
>
>                 Key: HADOOP-12332
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12332
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.6.0
>         Environment: affects all
>            Reporter: john lilley
>            Priority: Minor
>
> UserGroupInformation.reloginFromKeytab() sets the current timestamp before the try:
>     // register most recent relogin attempt
>     user.setLastLogin(now);
>     try {
> If a timeout error occurs during user.login() due to heavy system load, this leaves the
> user logged out and unusable, and because it has updated the timestamp, the caller cannot
> recover by calling reloginFromKeytab() immediately.
> It may be that timeouts should be considered fatal errors in this case, in which I would
> call it "as designed".



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
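
The interaction discussed in this message, as an added example that is not part of the original message and is not Hadoop's code: a self-contained model of the throttle check with the timestamp recorded before the login attempt, run over a constructed timeline. The class name `ReloginThrottleDemo`, the 60000 ms minimum interval and the simulated timeout are assumptions made for the illustration.

```java
import java.io.IOException;

// Added illustration: a self-contained model, not Hadoop's UserGroupInformation.
public class ReloginThrottleDemo {
    // Assumed value for the demo: minimum time between relogin attempts, in ms.
    static final long MIN_MS_BEFORE_RELOGIN = 60_000L;

    private long lastLogin = -MIN_MS_BEFORE_RELOGIN; // lets the first attempt through
    private boolean loggedIn = true;
    private int failuresLeft;                        // constructed: logins that time out

    ReloginThrottleDemo(int failuresLeft) { this.failuresLeft = failuresLeft; }

    // Same comparison as the hasSufficientTimeElapsed() snippet quoted above.
    private boolean hasSufficientTimeElapsed(long now) {
        return now - lastLogin >= MIN_MS_BEFORE_RELOGIN;
    }

    // Stand-in for user.login(): throws while failuresLeft > 0.
    private void login() throws IOException {
        if (failuresLeft-- > 0) throw new IOException("simulated login timeout");
        loggedIn = true;
    }

    /** Returns "SKIPPED", "FAILED" or "OK" for an attempt at time now (ms). */
    String reloginFromKeytab(long now) {
        if (!hasSufficientTimeElapsed(now)) return "SKIPPED";
        lastLogin = now;      // stamped before the try, as the report describes
        loggedIn = false;     // models the logged-out state the report describes
        try {
            login();
            return "OK";
        } catch (IOException e) {
            return "FAILED";  // logged out, and the throttle window has restarted
        }
    }

    boolean isLoggedIn() { return loggedIn; }

    public static void main(String[] args) {
        ReloginThrottleDemo ugi = new ReloginThrottleDemo(1);
        long[] times = {0L, 1_000L, 59_999L, 60_000L};  // constructed timeline, ms
        for (long t : times) {
            String r = ugi.reloginFromKeytab(t);
            System.out.printf("t=%6d ms  %-7s loggedIn=%b%n", t, r, ugi.isLoggedIn());
        }
    }
}
```

In this model a caller that has to recover from the failed attempt can only do so by retrying once the minimum interval has passed, so any retry loop around the call needs a delay of at least that interval.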
