[
https://issues.apache.org/jira/browse/HADOOP-9567?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14089433#comment-14089433
]
Darryl Dutton commented on HADOOP-9567:
---------------------------------------
This is a serious issue in a scenario where running a continuous flume agent
configured with a keytab using the hdfs sink, can not renew or reissue a
ticket beyond what has been initially issued for lifetime span. For example, if
the ticket lifetime issued is 24 hours, the hdfs client within flume agent will
start throwing security exceptions after 24 hours when trying to write to hdfs.
There needs to be a practical way for long running processes to keep reissuing
tickets when using keytabs with the hdfs client.
> Provide auto-renewal for keytab based logins
> --------------------------------------------
>
> Key: HADOOP-9567
> URL: https://issues.apache.org/jira/browse/HADOOP-9567
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.0.0-alpha
> Reporter: Harsh J
> Priority: Minor
>
> We do a renewal for cached tickets (obtained via kinit before using a Hadoop
> application) but we explicitly seem to avoid doing a renewal for keytab based
> logins (done from within the client code) when we could do that as well via a
> similar thread.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
