[
https://issues.apache.org/jira/browse/HADOOP-7091?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12978932#action_12978932
]
Kan Zhang commented on HADOOP-7091:
-----------------------------------
Todd, thanks for the review. Can't write unit tests for it, but we have
verified the patch on clusters at Yahoo.
> reloginFromKeytab() should happen even if TGT can't be found
> ------------------------------------------------------------
>
> Key: HADOOP-7091
> URL: https://issues.apache.org/jira/browse/HADOOP-7091
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Reporter: Kan Zhang
> Assignee: Kan Zhang
> Attachments: c7091-01.patch
>
>
> HADOOP-6965 introduced a getTGT() method and prevents reloginFromKeytab()
> from happening when TGT is not found. This results in the RPC layer not being
> able to refresh TGT after TGT expires. The reason is RPC layer only does
> relogin when the expired TGT is used and an exception is thrown. However,
> when that happens, the expired TGT will be removed from Subject. Therefore,
> getTGT() will return null and relogin will not be performed. We observed, for
> example, JT will not be able to re-connect to NN after TGT expires.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
