Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-17159

Make UGI support forceful relogin from keytab ignoring the last login time

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.10.0, 3.3.0, 3.2.1, 3.1.3
    • Fix Version/s: 3.2.2, 2.10.1, 3.3.1, 3.4.0, 3.1.5
    • Component/s: security
    • Labels:
      None

      Description

      Currently we have a relogin() method in UGI which attempts to login if there is no login attempted in the last 10 minutes or configured amount of time

      We should also have provision for doing a forceful relogin irrespective of the time window that the client can choose to use it if needed . Consider the below scenario:

      1. SASL Server is reimaged and new keytabs are fetched with refreshing the password
      2. SASL client connection to the server would fail when it tries with the cached service ticket
      3. We should try to logout to clear the service tickets in cache and then try to login back in such scenarios. But since the current relogin() doesn't guarantee a login, it could cause an issue
      4. A forceful relogin in this case would help after logout

       

        Attachments

          Activity

            People

            • Assignee:
              sandeep.guggilam Sandeep Guggilam
              Reporter:
              sandeep.guggilam Sandeep Guggilam
            • Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 40m
                40m