[
https://issues.apache.org/jira/browse/HADOOP-9567?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15172913#comment-15172913
]
Gary Helmling commented on HADOOP-9567:
---------------------------------------
I'd like to revive this issue. Yes, the current relogin behavior upon
connection failure in {{handleSaslConnectionFailure()}} works, but when you
have all datanodes (or other client processes) started at the same time, this
can lead to a thundering herd effect, where all processes pile on the KDC at
the same time.
I think we can do better by starting a background thread (same as login from
the credential cache), which will initiate a relogin after a reasonable portion
of the ticket's lifetime +- some induced jitter to spread out the load.
> Provide auto-renewal for keytab based logins
> --------------------------------------------
>
> Key: HADOOP-9567
> URL: https://issues.apache.org/jira/browse/HADOOP-9567
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.0.0-alpha
> Reporter: Harsh J
> Priority: Minor
>
> We do a renewal for cached tickets (obtained via kinit before using a Hadoop
> application) but we explicitly seem to avoid doing a renewal for keytab based
> logins (done from within the client code) when we could do that as well via a
> similar thread.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
