[ZOOKEEPER-1181] Fix problems with Kerberos TGT renewal - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 3.4.0
Fix Version/s: 3.4.0, 3.5.0
Component/s: java client, server
Labels:
- kerberos
- security

Hadoop Flags:

Reviewed
Release Note:

Hide
-Fixes two findbugs warnings related to holding a lock while sleeping.
-Addresses Camille's point: merge two almost-identical retry methods into a single retry method.

Show
-Fixes two findbugs warnings related to holding a lock while sleeping. -Addresses Camille's point: merge two almost-identical retry methods into a single retry method.

Description

Currently, in Zookeeper trunk, there are two problems with Kerberos TGT renewal:

1. TGTs obtained from a keytab are not refreshed periodically. They should be, just as those from ticket cache are refreshed.

2. Ticket renewal should be retried if it fails. Ticket renewal might fail if two or more separate processes (different JVMs) running as the same user try to renew Kerberos credentials at the same time.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

ZOOKEEPER-1181.patch
19/Oct/11 07:05
25 kB
Mahadev Konar
ZOOKEEPER-1181.patch
14/Sep/11 21:24
25 kB
Eugene Joseph Koontz
ZOOKEEPER-1181.patch
13/Sep/11 23:49
25 kB
Eugene Joseph Koontz

Issue Links

depends upon

ZOOKEEPER-938 Support Kerberos authentication of clients.

Closed

is related to

ZOOKEEPER-1205 Add a unit test for Kerberos Ticket-Granting Ticket (TGT) renewal

Open

Activity

People

Assignee:: Eugene Joseph Koontz

Reporter:: Eugene Joseph Koontz

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 13/Sep/11 23:38

Updated:: 02/May/13 02:29

Resolved:: 24/Oct/11 06:47