Uploaded image for project: 'ZooKeeper'
  1. ZooKeeper
  2. ZOOKEEPER-1181

Fix problems with Kerberos TGT renewal

VotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Reviewed
    • Hide
      -Fixes two findbugs warnings related to holding a lock while sleeping.
      -Addresses Camille's point: merge two almost-identical retry methods into a single retry method.
      Show
      -Fixes two findbugs warnings related to holding a lock while sleeping. -Addresses Camille's point: merge two almost-identical retry methods into a single retry method.

    Description

      Currently, in Zookeeper trunk, there are two problems with Kerberos TGT renewal:

      1. TGTs obtained from a keytab are not refreshed periodically. They should be, just as those from ticket cache are refreshed.

      2. Ticket renewal should be retried if it fails. Ticket renewal might fail if two or more separate processes (different JVMs) running as the same user try to renew Kerberos credentials at the same time.

      Attachments

        1. ZOOKEEPER-1181.patch
          25 kB
          Eugene Joseph Koontz
        2. ZOOKEEPER-1181.patch
          25 kB
          Eugene Joseph Koontz
        3. ZOOKEEPER-1181.patch
          25 kB
          Mahadev Konar

        Issue Links

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            ekoontz Eugene Joseph Koontz
            ekoontz Eugene Joseph Koontz
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment