hawq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dyozie <...@git.apache.org>
Subject [GitHub] incubator-hawq-docs pull request #131: Document extending KDC ticket interva...
Date Tue, 10 Oct 2017 23:02:54 GMT
Github user dyozie commented on a diff in the pull request:

    https://github.com/apache/incubator-hawq-docs/pull/131#discussion_r143873572
  
    --- Diff: markdown/clientaccess/kerberos.html.md.erb ---
    @@ -476,7 +476,8 @@ Perform the following steps to configure Kerberos authentication for
specific HA
     
     ### <a id="hawq_kerb_dbaccess"></a>Authenticating User Access to HAWQ 
     
    -When Kerberos user authentication is enabled for HAWQ, users must request a ticket from
the Kerberos KDC server before connecting to HAWQ. You must request the ticket for a principal
matching the requested database user name. When granted, the ticket expires after a set period
of time, after which you will need to request another ticket.
    +When Kerberos user authentication is enabled for HAWQ, users must request a ticket from
the Kerberos KDC server before connecting to HAWQ. You must request the ticket for a principal
matching the requested database user name. When granted, the ticket expires after a set period
of time, after which you must either request another ticket or have the ticket renewed. The
default expiration time is 12 hours, set in the parameter `server_ticket_renew_interval`.
To avoid KDC access issues, the ticket should be renewed before it expires.
    --- End diff --
    
    Should probably add that the actual expiration default/configuration is kerberos software-dependent.


---

Mime
View raw message