Hadoop Common
  1. Hadoop Common
  2. HADOOP-6656

Security framework needs to renew Kerberos tickets while the process is running

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.22.0
    • Component/s: None
    • Labels:
      None

      Description

      While a client process is running, there should be a thread that periodically renews the Kerberos credentials to ensure they don't expire.

      1. refresh.patch
        19 kB
        Owen O'Malley
      2. c-6656-y20-internal.patch
        7 kB
        Owen O'Malley
      3. 6656-trunk-4.patch
        22 kB
        Devaraj Das
      4. 6656-trunk-4.patch
        22 kB
        Devaraj Das
      5. 6656-trunk-4.patch
        22 kB
        Devaraj Das
      6. 6656-trunk-4.patch
        21 kB
        Devaraj Das
      7. 6656-trunk-3.patch
        18 kB
        Devaraj Das
      8. 6656-trunk-2.patch
        17 kB
        Devaraj Das
      9. 6656-trunk-1.patch
        18 kB
        Devaraj Das

        Activity

        Hide
        Owen O'Malley added a comment -

        This patch is for yahoo 20s and uses an external kinit -R to renew the tickets.

        Show
        Owen O'Malley added a comment - This patch is for yahoo 20s and uses an external kinit -R to renew the tickets.
        Hide
        Owen O'Malley added a comment -

        This patch is for y20s and shouldn't be committed.

        This seems like it it should work, but doesn't for me. I get a stream modified exception during the renewal. Any suggestions?

        Show
        Owen O'Malley added a comment - This patch is for y20s and shouldn't be committed. This seems like it it should work, but doesn't for me. I get a stream modified exception during the renewal. Any suggestions?
        Hide
        Devaraj Das added a comment -

        +1 (on the refresh.patch)

        Show
        Devaraj Das added a comment - +1 (on the refresh.patch)
        Hide
        Devaraj Das added a comment -

        Attaching the trunk patch. Unfortunately, I realized towards the end that the patch requires the "common" part of MAPREDUCE-1566 to be committed first. So this won't compile now but should merge cleanly once the common part of MAPREDUCE-1566 patch is committed.

        Show
        Devaraj Das added a comment - Attaching the trunk patch. Unfortunately, I realized towards the end that the patch requires the "common" part of MAPREDUCE-1566 to be committed first. So this won't compile now but should merge cleanly once the common part of MAPREDUCE-1566 patch is committed.
        Hide
        Devaraj Das added a comment -

        Attaching a patch w.r.t the current trunk.

        Show
        Devaraj Das added a comment - Attaching a patch w.r.t the current trunk.
        Hide
        Hadoop QA added a comment -

        -1 overall. Here are the results of testing the latest attachment
        http://issues.apache.org/jira/secure/attachment/12450347/6656-trunk-2.patch
        against trunk revision 967220.

        +1 @author. The patch does not contain any @author tags.

        +1 tests included. The patch appears to include 3 new or modified tests.

        -1 javadoc. The javadoc tool appears to have generated 1 warning messages.

        +1 javac. The applied patch does not increase the total number of javac compiler warnings.

        +1 findbugs. The patch does not introduce any new Findbugs warnings.

        +1 release audit. The applied patch does not increase the total number of release audit warnings.

        +1 core tests. The patch passed core unit tests.

        +1 contrib tests. The patch passed contrib unit tests.

        Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/630/testReport/
        Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/630/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
        Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/630/artifact/trunk/build/test/checkstyle-errors.html
        Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/630/console

        This message is automatically generated.

        Show
        Hadoop QA added a comment - -1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12450347/6656-trunk-2.patch against trunk revision 967220. +1 @author. The patch does not contain any @author tags. +1 tests included. The patch appears to include 3 new or modified tests. -1 javadoc. The javadoc tool appears to have generated 1 warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. +1 findbugs. The patch does not introduce any new Findbugs warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. +1 core tests. The patch passed core unit tests. +1 contrib tests. The patch passed contrib unit tests. Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/630/testReport/ Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/630/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/630/artifact/trunk/build/test/checkstyle-errors.html Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/630/console This message is automatically generated.
        Hide
        Kan Zhang added a comment -

        getTGT() method should be replaced by or merged with SecurityUtil.getTgtFromSubject(). I don't think getTGT() handles cross-realm case.

        Shouldn't User.setLastLogin() and User.getLastLogin() be synchronized methods? In current code, only synchronized methods in UGI use them, which is fine. But it's safer to synchronize at User class, and not relying on users of User class to synchronize. Same for other getters and setters in User.

        hasSufficientTimeElapsed() has the side-effect of setting the last login time to now if it returns true, which is not intuitive to me.

        Show
        Kan Zhang added a comment - getTGT() method should be replaced by or merged with SecurityUtil.getTgtFromSubject(). I don't think getTGT() handles cross-realm case. Shouldn't User.setLastLogin() and User.getLastLogin() be synchronized methods? In current code, only synchronized methods in UGI use them, which is fine. But it's safer to synchronize at User class, and not relying on users of User class to synchronize. Same for other getters and setters in User. hasSufficientTimeElapsed() has the side-effect of setting the last login time to now if it returns true, which is not intuitive to me.
        Hide
        Kan Zhang added a comment -

        > I don't think getTGT() handles cross-realm case.
        Sorry, it does. But I still recommend it to be merged with SecurityUtil.getTgtFromSubject().

        Show
        Kan Zhang added a comment - > I don't think getTGT() handles cross-realm case. Sorry, it does. But I still recommend it to be merged with SecurityUtil.getTgtFromSubject().
        Hide
        Devaraj Das added a comment -

        Addressing Kan's comments..

        Show
        Devaraj Das added a comment - Addressing Kan's comments..
        Hide
        Hadoop QA added a comment -

        -1 overall. Here are the results of testing the latest attachment
        http://issues.apache.org/jira/secure/attachment/12450614/6656-trunk-3.patch
        against trunk revision 979785.

        +1 @author. The patch does not contain any @author tags.

        +1 tests included. The patch appears to include 3 new or modified tests.

        -1 javadoc. The javadoc tool appears to have generated 1 warning messages.

        +1 javac. The applied patch does not increase the total number of javac compiler warnings.

        +1 findbugs. The patch does not introduce any new Findbugs warnings.

        +1 release audit. The applied patch does not increase the total number of release audit warnings.

        +1 core tests. The patch passed core unit tests.

        +1 contrib tests. The patch passed contrib unit tests.

        Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/641/testReport/
        Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/641/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
        Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/641/artifact/trunk/build/test/checkstyle-errors.html
        Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/641/console

        This message is automatically generated.

        Show
        Hadoop QA added a comment - -1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12450614/6656-trunk-3.patch against trunk revision 979785. +1 @author. The patch does not contain any @author tags. +1 tests included. The patch appears to include 3 new or modified tests. -1 javadoc. The javadoc tool appears to have generated 1 warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. +1 findbugs. The patch does not introduce any new Findbugs warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. +1 core tests. The patch passed core unit tests. +1 contrib tests. The patch passed contrib unit tests. Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/641/testReport/ Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/641/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/641/artifact/trunk/build/test/checkstyle-errors.html Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/641/console This message is automatically generated.
        Hide
        Kan Zhang added a comment -

        Sorry, I now see why you didn't use SecurityUtil.getTgtFromSubject() in the first place. You already have a "subject" to work with. For this reason I think it's better to use your original code, since I'm not sure what your AccessControlContext is when you call getTgtFromSubject(). But I like your way of figuring out whether a ticket is an original TGT. Is it possible to share that logic with SecurityUtil.isOriginalTgt()?

        Otherwise, +1 for the patch.

        Show
        Kan Zhang added a comment - Sorry, I now see why you didn't use SecurityUtil.getTgtFromSubject() in the first place. You already have a "subject" to work with. For this reason I think it's better to use your original code, since I'm not sure what your AccessControlContext is when you call getTgtFromSubject(). But I like your way of figuring out whether a ticket is an original TGT. Is it possible to share that logic with SecurityUtil.isOriginalTgt()? Otherwise, +1 for the patch.
        Hide
        Devaraj Das added a comment -

        Addressed Kan's comments..

        Show
        Devaraj Das added a comment - Addressed Kan's comments..
        Hide
        Devaraj Das added a comment -

        This patch has some improved javadocs.

        Show
        Devaraj Das added a comment - This patch has some improved javadocs.
        Hide
        Kan Zhang added a comment -

        +1.

        Show
        Kan Zhang added a comment - +1.
        Hide
        Hadoop QA added a comment -

        -1 overall. Here are the results of testing the latest attachment
        http://issues.apache.org/jira/secure/attachment/12450781/6656-trunk-4.patch
        against trunk revision 980271.

        +1 @author. The patch does not contain any @author tags.

        +1 tests included. The patch appears to include 6 new or modified tests.

        -1 javadoc. The javadoc tool appears to have generated 1 warning messages.

        +1 javac. The applied patch does not increase the total number of javac compiler warnings.

        -1 findbugs. The patch appears to introduce 1 new Findbugs warnings.

        +1 release audit. The applied patch does not increase the total number of release audit warnings.

        +1 core tests. The patch passed core unit tests.

        +1 contrib tests. The patch passed contrib unit tests.

        Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/646/testReport/
        Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/646/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
        Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/646/artifact/trunk/build/test/checkstyle-errors.html
        Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/646/console

        This message is automatically generated.

        Show
        Hadoop QA added a comment - -1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12450781/6656-trunk-4.patch against trunk revision 980271. +1 @author. The patch does not contain any @author tags. +1 tests included. The patch appears to include 6 new or modified tests. -1 javadoc. The javadoc tool appears to have generated 1 warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. -1 findbugs. The patch appears to introduce 1 new Findbugs warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. +1 core tests. The patch passed core unit tests. +1 contrib tests. The patch passed contrib unit tests. Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/646/testReport/ Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/646/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/646/artifact/trunk/build/test/checkstyle-errors.html Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/646/console This message is automatically generated.
        Hide
        Devaraj Das added a comment -

        Attaching a patch fixing the findbugs warning. The javadoc warning is unrelated.

        Show
        Devaraj Das added a comment - Attaching a patch fixing the findbugs warning. The javadoc warning is unrelated.
        Hide
        Hadoop QA added a comment -

        -1 overall. Here are the results of testing the latest attachment
        http://issues.apache.org/jira/secure/attachment/12450783/6656-trunk-4.patch
        against trunk revision 980271.

        +1 @author. The patch does not contain any @author tags.

        +1 tests included. The patch appears to include 6 new or modified tests.

        -1 javadoc. The javadoc tool appears to have generated 1 warning messages.

        +1 javac. The applied patch does not increase the total number of javac compiler warnings.

        -1 findbugs. The patch appears to introduce 1 new Findbugs warnings.

        +1 release audit. The applied patch does not increase the total number of release audit warnings.

        +1 core tests. The patch passed core unit tests.

        +1 contrib tests. The patch passed contrib unit tests.

        Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/647/testReport/
        Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/647/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
        Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/647/artifact/trunk/build/test/checkstyle-errors.html
        Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/647/console

        This message is automatically generated.

        Show
        Hadoop QA added a comment - -1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12450783/6656-trunk-4.patch against trunk revision 980271. +1 @author. The patch does not contain any @author tags. +1 tests included. The patch appears to include 6 new or modified tests. -1 javadoc. The javadoc tool appears to have generated 1 warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. -1 findbugs. The patch appears to introduce 1 new Findbugs warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. +1 core tests. The patch passed core unit tests. +1 contrib tests. The patch passed contrib unit tests. Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/647/testReport/ Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/647/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/647/artifact/trunk/build/test/checkstyle-errors.html Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/647/console This message is automatically generated.
        Hide
        Hadoop QA added a comment -

        -1 overall. Here are the results of testing the latest attachment
        http://issues.apache.org/jira/secure/attachment/12450785/6656-trunk-4.patch
        against trunk revision 980271.

        +1 @author. The patch does not contain any @author tags.

        +1 tests included. The patch appears to include 6 new or modified tests.

        -1 javadoc. The javadoc tool appears to have generated 1 warning messages.

        +1 javac. The applied patch does not increase the total number of javac compiler warnings.

        -1 findbugs. The patch appears to introduce 1 new Findbugs warnings.

        +1 release audit. The applied patch does not increase the total number of release audit warnings.

        +1 core tests. The patch passed core unit tests.

        +1 contrib tests. The patch passed contrib unit tests.

        Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/648/testReport/
        Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/648/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
        Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/648/artifact/trunk/build/test/checkstyle-errors.html
        Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/648/console

        This message is automatically generated.

        Show
        Hadoop QA added a comment - -1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12450785/6656-trunk-4.patch against trunk revision 980271. +1 @author. The patch does not contain any @author tags. +1 tests included. The patch appears to include 6 new or modified tests. -1 javadoc. The javadoc tool appears to have generated 1 warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. -1 findbugs. The patch appears to introduce 1 new Findbugs warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. +1 core tests. The patch passed core unit tests. +1 contrib tests. The patch passed contrib unit tests. Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/648/testReport/ Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/648/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/648/artifact/trunk/build/test/checkstyle-errors.html Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/648/console This message is automatically generated.
        Hide
        Devaraj Das added a comment -

        This should take care of findbugs.

        Show
        Devaraj Das added a comment - This should take care of findbugs.
        Hide
        Hadoop QA added a comment -

        -1 overall. Here are the results of testing the latest attachment
        http://issues.apache.org/jira/secure/attachment/12450843/6656-trunk-4.patch
        against trunk revision 980271.

        +1 @author. The patch does not contain any @author tags.

        +1 tests included. The patch appears to include 6 new or modified tests.

        -1 javadoc. The javadoc tool appears to have generated 1 warning messages.

        +1 javac. The applied patch does not increase the total number of javac compiler warnings.

        +1 findbugs. The patch does not introduce any new Findbugs warnings.

        +1 release audit. The applied patch does not increase the total number of release audit warnings.

        +1 core tests. The patch passed core unit tests.

        +1 contrib tests. The patch passed contrib unit tests.

        Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/649/testReport/
        Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/649/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
        Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/649/artifact/trunk/build/test/checkstyle-errors.html
        Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/649/console

        This message is automatically generated.

        Show
        Hadoop QA added a comment - -1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12450843/6656-trunk-4.patch against trunk revision 980271. +1 @author. The patch does not contain any @author tags. +1 tests included. The patch appears to include 6 new or modified tests. -1 javadoc. The javadoc tool appears to have generated 1 warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. +1 findbugs. The patch does not introduce any new Findbugs warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. +1 core tests. The patch passed core unit tests. +1 contrib tests. The patch passed contrib unit tests. Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/649/testReport/ Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/649/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/649/artifact/trunk/build/test/checkstyle-errors.html Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h4.grid.sp2.yahoo.net/649/console This message is automatically generated.
        Hide
        Kan Zhang added a comment -

        +1 on the latest patch.

        Show
        Kan Zhang added a comment - +1 on the latest patch.
        Hide
        Devaraj Das added a comment -

        I just committed this. Thanks, Owen for the early patches on this.

        Show
        Devaraj Das added a comment - I just committed this. Thanks, Owen for the early patches on this.
        Hide
        Todd Lipcon added a comment -

        I know this is already committed - just a quick question for posterity: what's the motivation to shell out to "kinit -R" rather than using KerberosTicket.renew()? Is the goal that we want to keep the ticket cache up to date rather than just renewing the ticket "in RAM" for some reason?

        Show
        Todd Lipcon added a comment - I know this is already committed - just a quick question for posterity: what's the motivation to shell out to "kinit -R" rather than using KerberosTicket.renew()? Is the goal that we want to keep the ticket cache up to date rather than just renewing the ticket "in RAM" for some reason?
        Hide
        Devaraj Das added a comment -

        Well, we started out by trying to make the Refreshable interface work (and Owen had posted a patch on that on this jira). But we couldn't get it working reliably, and hence switched to the kinit based renewal. That seems to be working well so far in our production.

        Show
        Devaraj Das added a comment - Well, we started out by trying to make the Refreshable interface work (and Owen had posted a patch on that on this jira). But we couldn't get it working reliably, and hence switched to the kinit based renewal. That seems to be working well so far in our production.
        Hide
        Owen O'Malley added a comment -

        There are two advantages for kinit:
        1. The kinit re-writes the file so that later processes get the refreshed key.
        2. I couldn't get the renew to work at all. It returned without actually renewing anything. I didn't track down why it didn't work.

        The disadvantage for kinit is the race condition while you are re-writing the file.

        If you want to track down why it didn't work, I can post my patch.

        Show
        Owen O'Malley added a comment - There are two advantages for kinit: 1. The kinit re-writes the file so that later processes get the refreshed key. 2. I couldn't get the renew to work at all. It returned without actually renewing anything. I didn't track down why it didn't work. The disadvantage for kinit is the race condition while you are re-writing the file. If you want to track down why it didn't work, I can post my patch.

          People

          • Assignee:
            Devaraj Das
            Reporter:
            Owen O'Malley
          • Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development