Uploaded image for project: 'IMPALA'
  1. IMPALA
  2. IMPALA-747

Impala should run the 2 kinit commands separately

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Critical
    • Resolution: Fixed
    • Impala 1.2.3
    • Impala 1.3
    • None

    Description

      While testing with KDC configurations where max_renew_life isn't set correctly, I came across a weird bug. Currently Imapala calls both kinit statements together:

      kinit_cmd_ss << "kinit -r " << ticket_lifetime << "m -k -t " << keytab_path_ << " "
                     << principal_ << " 2>&1 " << "&& kinit -R 2>&1";
      

      For some reason this creates a ticket with no lifetime (not just non-renewable). But if the 2 kinits are run separately then tickets at least have a lifetime.

      bash-4.1$ kinit -r 1440m -k -t /var/run/cloudera-scm-agent/process/132-impala-STATESTORE/impala.keytab impala/sys-viks2-1.ent.cloudera.com@ENT.CLOUDERA.COM 2>&1 && kinit -R 2>&1
      bash-4.1$ klist
      Ticket cache: FILE:/tmp/krb5cc_487
      Default principal: impala/sys-viks2-1.ent.cloudera.com@ENT.CLOUDERA.COM
      
      Valid starting     Expires            Service principal
      01/10/14 14:59:08  01/10/14 14:59:08  krbtgt/ENT.CLOUDERA.COM@ENT.CLOUDERA.COM
      	renew until 01/10/14 14:59:08
      bash-4.1$ 
      bash-4.1$ 
      bash-4.1$ 
      bash-4.1$ kdestroy
      bash-4.1$ klist
      klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_487)
      bash-4.1$ 
      bash-4.1$ 
      bash-4.1$ kinit -r 1440m -k -t /var/run/cloudera-scm-agent/process/132-impala-STATESTORE/impala.keytab impala/sys-viks2-1.ent.cloudera.com@ENT.CLOUDERA.COM 2>&1
      bash-4.1$ klist
      Ticket cache: FILE:/tmp/krb5cc_487
      Default principal: impala/sys-viks2-1.ent.cloudera.com@ENT.CLOUDERA.COM
      
      Valid starting     Expires            Service principal
      01/10/14 14:59:27  01/10/14 15:14:27  krbtgt/ENT.CLOUDERA.COM@ENT.CLOUDERA.COM
      	renew until 01/10/14 14:59:27
      bash-4.1$ kinit -R
      kinit: Ticket expired while renewing credentials
      bash-4.1$ klist
      Ticket cache: FILE:/tmp/krb5cc_487
      Default principal: impala/sys-viks2-1.ent.cloudera.com@ENT.CLOUDERA.COM
      
      Valid starting     Expires            Service principal
      01/10/14 14:59:27  01/10/14 15:14:27  krbtgt/ENT.CLOUDERA.COM@ENT.CLOUDERA.COM
      	renew until 01/10/14 14:59:27
      

      Attachments

        Activity

          People

            henryr Henry Robinson
            vikrams_impala_7f71 Vikram Srivastava
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: