storm-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Joseph Evans (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (STORM-345) (Security) AutoTGT renewal is not working
Date Wed, 09 Jul 2014 16:25:05 GMT

     [ https://issues.apache.org/jira/browse/STORM-345?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Robert Joseph Evans resolved STORM-345.
---------------------------------------

    Resolution: Invalid

I hate the java implementation of kerberos.  Turns out that our krb5.conf had a setting in
it that was forwardable = yes, not forwardable = true.  This was fine for the rest of kerberos,
but mad java think it was not supposed to ask for a forwardable ticket.  So when it got back
the renewed ticket from the KDC something didn't match and it got very angry.

Thanks for all of your help resolving this.

> (Security) AutoTGT renewal is not working
> -----------------------------------------
>
>                 Key: STORM-345
>                 URL: https://issues.apache.org/jira/browse/STORM-345
>             Project: Apache Storm (Incubating)
>          Issue Type: Bug
>            Reporter: Robert Joseph Evans
>            Assignee: Raghavendra Nandagopal
>              Labels: security
>
> AutoTGT will call tgt.refresh(); to try and renew a token, but ever time we try to make
this work the java code blows up with some very odd errors.
> Either we need to find some configurations and document them on how to make this work.
> Rip out the renewal code and update the documentation to explain that the renewal is
not supported.
> Find another way to renew the TGT (Some other library)



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message