Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-18243

HBase Thrift server lacks logic for renewing kerberos tickets

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 1.1.2, 2.0.0
    • Fix Version/s: None
    • Component/s: Thrift
    • Labels:

      Description

      I have been looking through the hbase-thrift code looking for where
      the server performs renewals of kerberos tickets for the provided
      principal/keytab. There seems to be no logic in place for renewing tickets.

      The hadoop-common provides the class
      UserGroupInformation, which exposes the method
      checkTGTAndReloginFromKeytab. I can see that the ThriftServerRunner class
      has a handle to the class
      (https://github.com/apache/hbase/blob/master/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java#L205),
      but I do not see the ticket renewal logic being called anywhere.

      A possible workaround is to renew the ticket outside the java process.

      The documentation on the checkTGTAndReloginFromKeytab states that if the ticket is still valid, a call to the method is essentially a no-op.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                steen.manniche Steen Manniche
              • Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated: