Description
I have been looking through the hbase-thrift code looking for where
the server performs renewals of kerberos tickets for the provided
principal/keytab. There seems to be no logic in place for renewing tickets.
The hadoop-common provides the class
UserGroupInformation, which exposes the method
checkTGTAndReloginFromKeytab. I can see that the ThriftServerRunner class
has a handle to the class
(https://github.com/apache/hbase/blob/master/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java#L205),
but I do not see the ticket renewal logic being called anywhere.
A possible workaround is to renew the ticket outside the java process.
The documentation on the checkTGTAndReloginFromKeytab states that if the ticket is still valid, a call to the method is essentially a no-op.
Attachments
Issue Links
- is related to
-
HADOOP-9567 Provide auto-renewal for keytab based logins
- Resolved