hawq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From radarwave <...@git.apache.org>
Subject [GitHub] incubator-hawq-docs pull request #131: Document extending KDC ticket interva...
Date Wed, 11 Oct 2017 10:07:42 GMT
Github user radarwave commented on a diff in the pull request:

    https://github.com/apache/incubator-hawq-docs/pull/131#discussion_r143955400
  
    --- Diff: markdown/clientaccess/kerberos.html.md.erb ---
    @@ -515,6 +516,53 @@ Valid starting     Expires            Service principal
     
     After generating a ticket, you can connect to a HAWQ database as a kerberos-authenticated
user using `psql` or other client programs.
     
    +### <a id="change_ticket"></a>Changing the Ticket Renewal Interval
    +
    +The lifetime of the Kerberos ticket may need to be changed. The ticket lifetime is the
minimum of the following values:
    +
    +* `max_life` in `kdc.conf` on the KDC servers.
    --- End diff --
    
    This is one of the issue user hits, and possible a common issue for integrate HAWQ with
AD KDC, so we'd better keep it.
    
    But I think we don't need to talk details of how to setup '/etc/krb5kdc/kdc.conf', just
doc how to set 'server_ticket_renew_interval' for HAWQ and explain why this change is needed
should be enough.


---

Mime
View raw message