[KUDU-1845] Kerberos client keytab should be periodically renewed - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.3.0
Component/s: security
Labels:
None

Target Version/s:

1.3.0

Description

Currently, security/init.cc initializes the Kerberos client keytab on startup, but never renews it. The credentials expire after some time so it's important to have some thread which renews it before expiration (hopefully in such a way that if a renewal transiently fails, we don't lose our previously good ticket)

Attachments

Activity

People

Assignee:: Sailesh Mukil

Reporter:: Todd Lipcon

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 21/Jan/17 00:54

Updated:: 26/Feb/17 23:01

Resolved:: 26/Feb/17 23:01