[
https://issues.apache.org/jira/browse/HADOOP-9341?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Daryn Sharp updated HADOOP-9341:
--------------------------------
Attachment: HADOOP-9341.patch
HADOOP-9341.branch-23.patch
Add method to remove expired tokens and keys. Had to move logic for not
removing current key into the expire method since the current key must survive
a keyroll and the expiration purge.
> Secret Managers should allow explicit purging of tokens and secret keys
> -----------------------------------------------------------------------
>
> Key: HADOOP-9341
> URL: https://issues.apache.org/jira/browse/HADOOP-9341
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Affects Versions: 2.0.0-alpha, 3.0.0, 0.23.7
> Reporter: Daryn Sharp
> Assignee: Daryn Sharp
> Priority: Critical
> Attachments: HADOOP-9341.branch-23.patch, HADOOP-9341.patch
>
>
> Per HDFS-4477, the fsimage retains all secret keys and uncanceled tokens
> forever. There should be a way to explicitly purge a secret manager of
> expired items w/o starting its threads.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
