[HADOOP-17159] Make UGI support forceful relogin from keytab ignoring the last login time - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.10.0, 3.3.0, 3.2.1, 3.1.3
Fix Version/s: 3.2.2, 2.10.1, 3.3.1, 3.4.0
Component/s: security
Labels:
None

Target Version/s:

3.1.4, 3.2.2, 2.10.1, 3.3.1, 3.4.0
Hadoop Flags:

Reviewed

Description

Currently we have a relogin() method in UGI which attempts to login if there is no login attempted in the last 10 minutes or configured amount of time

We should also have provision for doing a forceful relogin irrespective of the time window that the client can choose to use it if needed . Consider the below scenario:

SASL Server is reimaged and new keytabs are fetched with refreshing the password
SASL client connection to the server would fail when it tries with the cached service ticket
We should try to logout to clear the service tickets in cache and then try to login back in such scenarios. But since the current relogin() doesn't guarantee a login, it could cause an issue
A forceful relogin in this case would help after logout

Attachments

Issue Links

links to

https://github.com/apache/hadoop/pull/2245

https://github.com/apache/hadoop/pull/2249

Activity

People

Assignee:: Sandeep Guggilam

Reporter:: Sandeep Guggilam

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 28/Jul/20 01:45

Updated:: 10/Jun/21 07:56

Resolved:: 27/Aug/20 22:22

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

40m