hadoop-mapreduce-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Koert Kuipers <ko...@tresata.com>
Subject Re: kerberos ticket renewal for hadoop services
Date Mon, 30 Jun 2014 02:03:00 GMT
thanks! it makes sense to use loginUserFromKeytab initially and then
checkTGTAndReloginFromKeytab or reloginFromKeytab periodically.  i will try
to find the usage of these in the code for the services such as namenode (a
quick grep doesnt show these relogin functions being called...)


On Sun, Jun 29, 2014 at 8:52 PM, Geoff Thompson <geoff@bearpeak.com> wrote:

> Hi Koert,
>
> I don’t have an example. However, perhaps class
> org.apache.hadoop.security.UserGroupInformation has what you need. Some
> relevant methods are:
> reloginFromKeytab()
> reloginFromTicketCache()
> loginUserFromKeytab(String user, String path)
>
> Geoff
>
> On Jun 29, 2014, at 5:50 PM, Koert Kuipers <koert@tresata.com> wrote:
>
> how do long lived services such as the namenode or yarn resourcemanager
> deal with kerberos ticket expiration for the user that runs the service?
>
> do they periodically renew/refresh their tickets by calling
> SecurityUtil.login(conf, keytab, user, host)?
>
> where can i find an example the code that handles this (in NameNode.java
> its easy to find the initial login but i cannot find the code that handles
> with expiration/renewal/refresh of tickets)?
>
> thanks! koert
>
>
>

Mime
View raw message