hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Joseph Evans (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-2785) Update webhdfs and httpfs for host-based token support
Date Fri, 03 Feb 2012 15:37:53 GMT

    [ https://issues.apache.org/jira/browse/HDFS-2785?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13199780#comment-13199780
] 

Robert Joseph Evans commented on HDFS-2785:
-------------------------------------------

I agree that checkTGTAndReloginFromKeytab is not really necessary, and I am fine with switching
it.  However, If you look at UserGroupInformation.java on trunk checkTGTAndReloginFromKeytab
is the following

{code}
public synchronized void checkTGTAndReloginFromKeytab() throws IOException {
  if (!isSecurityEnabled()
      || user.getAuthenticationMethod() != AuthenticationMethod.KERBEROS
      || !isKeytab)
    return;
  KerberosTicket tgt = getTGT();
  if (tgt != null && System.currentTimeMillis() < getRefreshTime(tgt)) {
    return;
  }
  reloginFromKeytab();
}
{code}
But a few lines down on line 697 inside reloginFromKeytab() we have the exact same check.
{code}
KerberosTicket tgt = getTGT();
//Return if TGT is valid and is not going to expire soon.
if (tgt != null && now < getRefreshTime(tgt)) {
  return;
}
{code}

and sorry if my explanation was confusing before about being consistent with HFTP. I made
the change to be consistent with the version of HFTP from HDFS-2784, which was just merged
to trunk.  In that case getDelegationToken() and renew() call reloginFromKeytab(), and cancel()
calls checkTGTAndReloginFromKeytab(). Which is what the attached patch causes WebHDFS to do
as well.

If you still want me to change it then please let me know so I can update the patch and rerun
my tests.
                
> Update webhdfs and httpfs for host-based token support
> ------------------------------------------------------
>
>                 Key: HDFS-2785
>                 URL: https://issues.apache.org/jira/browse/HDFS-2785
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>          Components: name-node, security
>    Affects Versions: 0.24.0, 0.23.1
>            Reporter: Daryn Sharp
>            Assignee: Robert Joseph Evans
>         Attachments: HDFS-2785.txt
>
>
> Need to port 205 tokens into these filesystems.  Will mainly involve ensuring code duplicated
from hftp is updated accordingly.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message