storm-dev mailing list archives

From "Sriharsha Chintalapani (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (STORM-345) (Security) AutoTGT renewal is not working
Date Tue, 08 Jul 2014 23:39:04 GMT

    [ https://issues.apache.org/jira/browse/STORM-345?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14055674#comment-14055674 ]

Sriharsha Chintalapani commented on STORM-345:
----------------------------------------------

[~revans2] I was able to test it by using the following conf in Kerberos:
   ccache_type = 4
   forwardable = true
   proxiable = true
   udp_preference_limit = 1
   ticket_lifetime = 5m
   renew_lifetime = 10m

and changing AutoTGT main to:

    public static void main(String[] args) throws Exception {
        AutoTGT at = new AutoTGT();
        Map conf = new java.util.HashMap();
        // args[0] is the path to the JAAS configuration file
        conf.put("java.security.auth.login.config", args[0]);
        at.prepare(conf);
        Map<String,String> creds = new java.util.HashMap<String,String>();
        at.populateCredentials(creds);
        Subject s = new Subject();
        at.populateSubject(s, creds);
        System.out.println("Got a Subject "+s);
        // sleep 6 minutes, longer than ticket_lifetime = 5m
        Thread.sleep(360000);
        at.renew(creds);
        System.out.println("Got a Subject "+s);
    }

and my jaas.conf:

StormClient {
   com.sun.security.auth.module.Krb5LoginModule required
   useKeyTab=true
   keyTab="/vagrant/keytabs/harsha.keytab"
   useTicketCache=true
   renewTicket=true
   serviceName="nimbus"
   debug=true
   principal="harsha/zookeeper.witzend.com@WITZEND.COM";
};

I did kinit -k -t /vagrant/keytabs/harsha.keytab harsha/zookeeper.witzend.com@WITZEND.COM
before running AutoTGT. I am able to renew the ticket before and after ticket_lifetime.

> (Security) AutoTGT renewal is not working
> -----------------------------------------
>
>                 Key: STORM-345
>                 URL: https://issues.apache.org/jira/browse/STORM-345
>             Project: Apache Storm (Incubating)
>          Issue Type: Bug
>            Reporter: Robert Joseph Evans
>            Assignee: Raghavendra Nandagopal
>              Labels: security
>
> AutoTGT will call tgt.refresh(); to try and renew a token, but every time we try to make this work the Java code blows up with some very odd errors.
> Either we need to find some configurations and document them on how to make this work.
> Rip out the renewal code and update the documentation to explain that the renewal is not supported.
> Find another way to renew the TGT (Some other library)



--
This message was sent by Atlassian JIRA
(v6.2#6252)
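
An added example, not part of the original message or of Storm's code: a small Java check that compares the TGT's end time before and after a renew attempt, so a test like the one above can confirm the ticket actually changed instead of only printing the Subject. The class and method names are hypothetical, and the tickets built in main are constructed locally (not issued by a KDC) using the 5m/10m lifetimes from the message.

```java
import java.util.Date;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KerberosTicket;

public class TgtRenewalCheck {
    /** Returns the TGT (server principal "krbtgt/...") held by the Subject, or null. */
    static KerberosTicket findTgt(Subject s) {
        for (KerberosTicket t : s.getPrivateCredentials(KerberosTicket.class)) {
            if (t.getServer().getName().startsWith("krbtgt/")) return t;
        }
        return null;
    }

    /** Summarises the fields that matter for renewal, relative to 'now'. */
    static String describe(KerberosTicket t, Date now) {
        long secondsLeft = (t.getEndTime().getTime() - now.getTime()) / 1000;
        return "end=" + t.getEndTime() + " renewTill=" + t.getRenewTill()
                + " renewable=" + t.isRenewable() + " secondsLeft=" + secondsLeft;
    }

    /** A renewal happened only if the TGT's end time moved later. */
    static boolean wasRenewed(Date endBefore, KerberosTicket after) {
        return after != null && after.getEndTime().after(endBefore);
    }

    /** Builds a constructed (not KDC-issued) renewable TGT for the offline demo. */
    static KerberosTicket sampleTgt(Date auth, long lifeMin, long renewMin) {
        boolean[] flags = new boolean[32];
        flags[8] = true; // bit 8 is the RENEWABLE ticket flag
        return new KerberosTicket(new byte[] {0x61}, // placeholder encoding
                new KerberosPrincipal("harsha/zookeeper.witzend.com@WITZEND.COM"),
                new KerberosPrincipal("krbtgt/WITZEND.COM@WITZEND.COM"),
                new byte[16], 17, flags, auth, auth, // dummy AES128 session key
                new Date(auth.getTime() + lifeMin * 60000),
                new Date(auth.getTime() + renewMin * 60000), null);
    }

    public static void main(String[] args) {
        Date now = new Date();
        Subject before = new Subject();
        before.getPrivateCredentials().add(sampleTgt(now, 5, 10)); // 5m / 10m as in the message
        KerberosTicket tgt = findTgt(before);
        System.out.println("before: " + describe(tgt, now));
        Subject after = new Subject(); // stands in for a Subject rebuilt after a renew
        after.getPrivateCredentials().add(sampleTgt(new Date(now.getTime() + 240000), 5, 6));
        System.out.println("after:  " + describe(findTgt(after), now));
        System.out.println("renewed=" + wasRenewed(tgt.getEndTime(), findTgt(after)));
    }
}
```

Against a real KDC, record findTgt(s).getEndTime() before the sleep, then after at.renew(creds) call at.populateSubject on a fresh Subject and pass its TGT to wasRenewed.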
