[jira] [Work logged] (HADOOP-17159) Make UGI support forceful relogin from keytab ignoring the last login time

[ASF GitHub Bot (Jira)]

     [ 
https://issues.apache.org/jira/browse/HADOOP-17159?focusedWorklogId=475572&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-475572
 ]

ASF GitHub Bot logged work on HADOOP-17159:
-------------------------------------------

                Author: ASF GitHub Bot
            Created on: 27/Aug/20 22:21
            Start Date: 27/Aug/20 22:21
    Worklog Time Spent: 10m 
      Work Description: liuml07 merged pull request #2245:
URL: https://github.com/apache/hadoop/pull/2245


   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


Issue Time Tracking
-------------------

    Worklog Id:     (was: 475572)
    Time Spent: 40m  (was: 0.5h)

> Make UGI support forceful relogin from keytab ignoring the last login time
> --------------------------------------------------------------------------
>
>                 Key: HADOOP-17159
>                 URL: https://issues.apache.org/jira/browse/HADOOP-17159
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 2.10.0, 3.3.0, 3.2.1, 3.1.3
>            Reporter: Sandeep Guggilam
>            Assignee: Sandeep Guggilam
>            Priority: Major
>             Fix For: 3.2.2, 3.3.1, 3.4.0, 3.1.5
>
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> Currently we have a relogin() method in UGI which attempts to login if there 
> is no login attempted in the last 10 minutes or configured amount of time
> We should also have provision for doing a forceful relogin irrespective of 
> the time window that the client can choose to use it if needed . Consider the 
> below scenario:
>  # SASL Server is reimaged and new keytabs are fetched with refreshing the 
> password
>  # SASL client connection to the server would fail when it tries with the 
> cached service ticket
>  # We should try to logout to clear the service tickets in cache and then try 
> to login back in such scenarios. But since the current relogin() doesn't 
> guarantee a login, it could cause an issue
>  # A forceful relogin in this case would help after logout
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org