hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Xiaoyu Yao (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (HADOOP-13255) KMSClientProvider should check and renew tgt when doing delegation token operations.
Date Sun, 12 Jun 2016 01:26:20 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-13255?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15326123#comment-15326123
] 

Xiaoyu Yao edited comment on HADOOP-13255 at 6/12/16 1:26 AM:
--------------------------------------------------------------

Thanks [~xiaochen] for working on this and [~zhz] for the review. I would suggest we fix with
the approach in v1 patch.  

1. V1 patch is correct and less risky. All the change is localized to KMSCientProvider compared
with broader change in DelegationTokenAuthenticator  or KerberosAuthenticator.
 
2. V2 patch below won't be able to handle the proxy user and token user cases as the currentUGI
is not sufficient for these cases. There are a few fixes around KMSClientProvider#actualUGI
to make this right. You can refer to how actualUGI is initialized in KMSClientProvider#KMSClientProvider().


{code}
      UserGroupInformation.getCurrentUser().checkTGTAndReloginFromKeytab();
{code}





was (Author: xyao):
Thanks [~xiaochen] for working on this and [~zhz] for the review. I would suggest we fix with
the approach in v1 patch.  

1. V1 patch is less ricky. All the change is localized to KMSCientProvider compared with broader
change in DelegationTokenAuthenticator  or KerberosAuthenticator.
 
2. V2 patch below won't be able to handle the proxy user and token user cases as the currentUGI
is not sufficient for these cases. There are a few fixes around KMSClientProvider#actualUGI
to make this right. You can refer to how actualUGI is initialized in KMSClientProvider#KMSClientProvider().


{code}
      UserGroupInformation.getCurrentUser().checkTGTAndReloginFromKeytab();
{code}




> KMSClientProvider should check and renew tgt when doing delegation token operations.
> ------------------------------------------------------------------------------------
>
>                 Key: HADOOP-13255
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13255
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: kms
>            Reporter: Xiao Chen
>            Assignee: Xiao Chen
>         Attachments: HADOOP-13255.01.patch, HADOOP-13255.02.patch
>
>




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message