arunreddyav commented on code in PR #8054:
URL: https://github.com/apache/hadoop/pull/8054#discussion_r2490312027


##########
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.java:
##########
@@ -858,7 +858,11 @@ private void removeExpiredToken() throws IOException {
         long renewDate = entry.getValue().getRenewDate();
         if (renewDate < now) {
           expiredTokens.add(entry.getKey());
-          removeTokenForOwnerStats(entry.getKey());
+          try {
+            removeTokenForOwnerStats(entry.getKey());
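
Review bot: The `try` opened around `removeTokenForOwnerStats(entry.getKey())` has no visible `catch` in this excerpt, so please confirm the handler catches the narrowest exception type that call can throw and logs the failure rather than swallowing it silently. Because `expiredTokens.add(entry.getKey())` runs before the `try`, the token is still queued for removal when the stats update throws, which is the right order; a short code comment on the `try` stating which failure is expected here and why it is safe to continue the loop would help later readers.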

Review Comment:
   * The token will not be leaked, as I'm catching the exception and it is cleaned up 
in `logExpireTokens(expiredTokens);`.
   * Including the older rules under hadoop.security.auth_to_local could be a 
possible approach; however, the customer prefers not to include the older rules 
for security reasons (for example, when moved to a more secure zone, old keytabs 
should not be allowed).



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]