hawq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Shivram Mani <shivram.m...@gmail.com>
Subject Re: Kerberos re-login from pxf
Date Mon, 09 Jan 2017 19:52:37 GMT
Yes reloginFromKeytab is intended for token renewal purposes.

If the question is about the token needed to talk to the Namenode, as long
as you are using Hadoop RPC you will not need to reloginFromKeytab(). You
can refer to the following discussion thread for more details on this
http://stackoverflow.com/questions/34616676/should-i-call-ugi-
checktgtandreloginfromkeytab-before-every-action-on-hadoop. Speicifically
this "If your application's usage pattern is to login from a keytab and
then perform typical Hadoop RPC calls, then you likely do not need to roll
your own re-login code. The RPC client layer will do it for you."


On Mon, Jan 9, 2017 at 10:56 AM, Kavinder Dhaliwal <kdhaliwal@pivotal.io>
wrote:

> Hi Hawq Devs,
>
> Currently PXF has a known issue where if a kerberos ticket expires while a
> pxf node is active there is no mechanism to re-login and queries simply
> hang. I have a PR currently open:
> https://github.com/apache/incubator-hawq/pull/1075. This fix checks if a
> login has expired whenever PXF is in the process of checking a token and
> logs in if the ticket has expired.
>
> Initially, the API I implemented to re-login was SecureLogin.login() but
> based on offline discussions it seems
> UserGroupInformation.getLoginUser().reloginFromKeytab() is a more
> appropriate approach.
>
> Before going forward with this implementation I want to reach out to the
> hawq community to know if there is a better area in the code to check
> logged in status and to re-initiate a login. Any ideas are appreciated
>
> Thanks,
> Kavinder
>



-- 
shivram mani

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message