hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-4548) Webhdfs doesn't renegotiate SPNEGO token
Date Wed, 03 Apr 2013 13:47:16 GMT

    [ https://issues.apache.org/jira/browse/HDFS-4548?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13620928#comment-13620928

Daryn Sharp commented on HDFS-4548:

bq. [...] not to commit changes that will be undo right the way.

Regarding this point, all we're debating is the 1 line I moved from renew and cancel token
into the open connection.  This is to ensure that getting a token is also using a valid TGT
instead of implicitly assuming something else refreshed the TGT.  In no way did I really change
the pre-existing behavior, and it's the same long-standing behavior of hftp.  Any change would
be an enhancement that shouldn't block this jira.

More info on why UGI works the way it does:  The renewal thread runs for ticket cache TGTs
because it _must_ renew before the TGT expires or it's game over - a new TGT can't be acquired
without the user's creds.  Keytab logins do lazy refresh of TGTs because it can acquire a
new TGT with the keytab creds.

> Webhdfs doesn't renegotiate SPNEGO token
> ----------------------------------------
>                 Key: HDFS-4548
>                 URL: https://issues.apache.org/jira/browse/HDFS-4548
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>    Affects Versions: 2.0.0-alpha, 3.0.0, 0.23.7
>            Reporter: Daryn Sharp
>            Assignee: Daryn Sharp
>            Priority: Blocker
>         Attachments: HDFS-4548.branch-23.patch, HDFS-4548.branch-23.patch, HDFS-4548.branch-23.patch,
HDFS-4548.branch-23.patch, HDFS-4548.branch-23.patch, HDFS-4548.patch, HDFS-4548.patch, HDFS-4548.patch,
HDFS-4548.patch, HDFS-4548.patch
> When the webhdfs SPNEGO token expires, the fs doesn't attempt to renegotiate a new SPNEGO
token.  This renders webhdfs unusable for daemons that are logged in via a keytab which would
allow a new SPNEGO token to be generated.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

View raw message