Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-7091

reloginFromKeytab() should happen even if TGT can't be found

VotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 0.22.0
    • security
    • None
    • Reviewed

    Description

      HADOOP-6965 introduced a getTGT() method and prevents reloginFromKeytab() from happening when TGT is not found. This results in the RPC layer not being able to refresh TGT after TGT expires. The reason is RPC layer only does relogin when the expired TGT is used and an exception is thrown. However, when that happens, the expired TGT will be removed from Subject. Therefore, getTGT() will return null and relogin will not be performed. We observed, for example, JT will not be able to re-connect to NN after TGT expires.

      Attachments

        1. c7091-01.patch
          1 kB
          Kan Zhang

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            kzhang Kan Zhang
            kzhang Kan Zhang
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment