hbase-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steen Manniche (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HBASE-18243) HBase Thrift server lacks logic for renewing kerberos tickets
Date Tue, 20 Jun 2017 18:05:00 GMT
Steen Manniche created HBASE-18243:
--------------------------------------

             Summary: HBase Thrift server lacks logic for renewing kerberos tickets
                 Key: HBASE-18243
                 URL: https://issues.apache.org/jira/browse/HBASE-18243
             Project: HBase
          Issue Type: Bug
          Components: Thrift
    Affects Versions: 1.1.2, 2.0.0
            Reporter: Steen Manniche
            Priority: Minor


I have been looking through the hbase-thrift code looking for where
the server performs renewals of kerberos tickets for the provided
principal/keytab. There seems to be no logic in place for renewing tickets.

The hadoop-common provides the class
UserGroupInformation, which exposes the method
{{checkTGTAndReloginFromKeytab}}. I can see that the {{ThriftServerRunner}} class
has a handle to the class
(https://github.com/apache/hbase/blob/master/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java#L205),
but I do not see the ticket renewal logic being called anywhere.

A possible workaround is to renew the ticket outside the java process.

The documentation on the {{checkTGTAndReloginFromKeytab}} states that if the ticket is still
valid, a call to the method is essentially a no-op.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message