[
https://issues.apache.org/jira/browse/HADOOP-12649?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15059963#comment-15059963
]
Steve Loughran commented on HADOOP-12649:
-----------------------------------------
If you can't renew a ticket as you were kinited-in and it's expired, the
renewer thread exits with nothing but a warning. It doesn't even print the
stack trace of the nested exception.
{code}
2015-12-16 12:57:44,005 [TGT Renewer for stevel@COTHAM] WARN
security.UserGroupInformation (run(914)) - Exception encountered while running
the renewal command. Aborting renew thread. ExitCodeException exitCode=1:
kinit: krb5_get_kdc_cred: Error from KDC: TKT_EXPIRED
{code}
A near-silent failure is not always what you want. There is nothing to prevent
a renewal-failure action to be provided to this thread, allowing an
application-level action to be performed (maybe even retry)
> Improve UGI diagnostics and failure handling
> --------------------------------------------
>
> Key: HADOOP-12649
> URL: https://issues.apache.org/jira/browse/HADOOP-12649
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.7.1
> Environment: Kerberos
> Reporter: Steve Loughran
>
> Sometimes —apparently— some people cannot get kerberos to work.
> The ability to diagnose problems here is hampered by some aspects of UGI
> # the only way to turn on JAAS debug information is through an env var, not
> within the JVM
> # failures are potentially underlogged
> # exceptions raised are generic IOEs, so can't be trapped and filtered
> # failure handling on the TGT renewer thread is nonexistent
> # the code is barely-readable, underdocumented mess.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
