Return-Path: Delivered-To: apmail-hadoop-hdfs-issues-archive@minotaur.apache.org Received: (qmail 15947 invoked from network); 31 Aug 2010 22:24:16 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 31 Aug 2010 22:24:16 -0000 Received: (qmail 30911 invoked by uid 500); 31 Aug 2010 22:24:16 -0000 Delivered-To: apmail-hadoop-hdfs-issues-archive@hadoop.apache.org Received: (qmail 30843 invoked by uid 500); 31 Aug 2010 22:24:15 -0000 Mailing-List: contact hdfs-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: hdfs-issues@hadoop.apache.org Delivered-To: mailing list hdfs-issues@hadoop.apache.org Received: (qmail 30827 invoked by uid 99); 31 Aug 2010 22:24:15 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 31 Aug 2010 22:24:15 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.22] (HELO thor.apache.org) (140.211.11.22) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 31 Aug 2010 22:24:15 +0000 Received: from thor (localhost [127.0.0.1]) by thor.apache.org (8.13.8+Sun/8.13.8) with ESMTP id o7VMNtrE027791 for ; Tue, 31 Aug 2010 22:23:55 GMT Message-ID: <16404470.102631283293435071.JavaMail.jira@thor> Date: Tue, 31 Aug 2010 18:23:55 -0400 (EDT) From: "Kan Zhang (JIRA)" To: hdfs-issues@hadoop.apache.org Subject: [jira] Created: (HDFS-1364) HFTP client should support relogin from keytab MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 HFTP client should support relogin from keytab ---------------------------------------------- Key: HDFS-1364 URL: https://issues.apache.org/jira/browse/HDFS-1364 Project: Hadoop HDFS Issue Type: Bug Components: security Reporter: Kan Zhang Assignee: Kan Zhang If a user starts a long-running HFTP client using a keytab, we should do relogin automatically whenever TGT expires. Currently, HFTP client uses TGT to fetch a delegation token and cache that delegation token for HFTP operations. The delegation token is automatically renewed/refetched using TGT. However, when TGT expires, delegation token renewal/refetch will fail and no further HFTP operation is possible. This is unsatisfactory since the user has given us her keytab. We should be able to relogin from keytab and continue. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.