Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-17159

Make UGI support forceful relogin from keytab ignoring the last login time

VotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.10.0, 3.3.0, 3.2.1, 3.1.3
    • 3.2.2, 2.10.1, 3.3.1, 3.4.0
    • security
    • None

    Description

      Currently we have a relogin() method in UGI which attempts to login if there is no login attempted in the last 10 minutes or configured amount of time

      We should also have provision for doing a forceful relogin irrespective of the time window that the client can choose to use it if needed . Consider the below scenario:

      1. SASL Server is reimaged and new keytabs are fetched with refreshing the password
      2. SASL client connection to the server would fail when it tries with the cached service ticket
      3. We should try to logout to clear the service tickets in cache and then try to login back in such scenarios. But since the current relogin() doesn't guarantee a login, it could cause an issue
      4. A forceful relogin in this case would help after logout

       

      Attachments

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            sandeep.guggilam Sandeep Guggilam
            sandeep.guggilam Sandeep Guggilam
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 40m
                40m

                Slack

                  Issue deployment