[
https://issues.apache.org/jira/browse/HADOOP-6656?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12892605#action_12892605
]
Kan Zhang commented on HADOOP-6656:
-----------------------------------
getTGT() method should be replaced by or merged with
SecurityUtil.getTgtFromSubject(). I don't think getTGT() handles cross-realm
case.
Shouldn't User.setLastLogin() and User.getLastLogin() be synchronized methods?
In current code, only synchronized methods in UGI use them, which is fine. But
it's safer to synchronize at User class, and not relying on users of User class
to synchronize. Same for other getters and setters in User.
hasSufficientTimeElapsed() has the side-effect of setting the last login time
to now if it returns true, which is not intuitive to me.
> Security framework needs to renew Kerberos tickets while the process is
> running
> -------------------------------------------------------------------------------
>
> Key: HADOOP-6656
> URL: https://issues.apache.org/jira/browse/HADOOP-6656
> Project: Hadoop Common
> Issue Type: Bug
> Reporter: Owen O'Malley
> Assignee: Devaraj Das
> Fix For: 0.22.0
>
> Attachments: 6656-trunk-1.patch, 6656-trunk-2.patch,
> c-6656-y20-internal.patch, refresh.patch
>
>
> While a client process is running, there should be a thread that periodically
> renews the Kerberos credentials to ensure they don't expire.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
