[
https://issues.apache.org/jira/browse/HADOOP-12332?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14705651#comment-14705651
]
Benoy Antony commented on HADOOP-12332:
---------------------------------------
The decision to prevent immediate reLogin is per design. This is especially
desirable under error scenarios like heavy load or expired keytab.
{code}
private boolean hasSufficientTimeElapsed(long now) {
  if (now - user.getLastLogin() < kerberosMinSecondsBeforeRelogin ) {
    LOG.warn("Not attempting to re-login since the last re-login was " +
        "attempted less than " + (kerberosMinSecondsBeforeRelogin/1000) +
        " seconds before.");
    return false;
  }
  return true;
}
{code}
> UserGroupInformation.reloginFromKeytab() timeout can leave UGI in unusable
> state
> --------------------------------------------------------------------------------
>
> Key: HADOOP-12332
> URL: https://issues.apache.org/jira/browse/HADOOP-12332
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 2.6.0
> Environment: affects all
> Reporter: john lilley
> Priority: Minor
>
> UserGroupInformation.reloginFromKeytab() sets the current timestamp before
> the try:
> // register most recent relogin attempt
> user.setLastLogin(now);
> try {
> If a timeout error occurs during user.login() due to heavy system load, this
> leaves the user logged out and unusable, and because it has updated the
> timestamp, the caller cannot recover by calling reloginFromKeytab()
> immediately.
> It may be that timeouts should be considered fatal errors in this case, in
> which case I would call it "as designed".
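The interaction between the throttle check and the timestamp ordering discussed in this thread can be reproduced with a small stand-alone model. This is an added example, not Hadoop's code and not part of the original message. The class name, the 60-second window, the `stampBeforeAttempt` switch and the sample timestamps are all assumptions made for illustration.

```java
// Added model of the relogin throttle; names are hypothetical, not Hadoop's code.
public class ReloginThrottleDemo {
    interface Login { void login() throws Exception; }

    static final long MIN_MS_BEFORE_RELOGIN = 60_000L; // assumed window

    private final boolean stampBeforeAttempt; // true = ordering described in the issue
    private long lastLogin = 0L;
    private boolean loggedIn = true;

    ReloginThrottleDemo(boolean stampBeforeAttempt) {
        this.stampBeforeAttempt = stampBeforeAttempt;
    }

    // Same comparison as hasSufficientTimeElapsed() quoted in the comment.
    private boolean hasSufficientTimeElapsed(long now) {
        return now - lastLogin >= MIN_MS_BEFORE_RELOGIN;
    }

    /** Returns true only if a login was attempted and succeeded. */
    boolean relogin(long now, Login login) {
        if (!hasSufficientTimeElapsed(now)) {
            return false;                        // throttled, state unchanged
        }
        if (stampBeforeAttempt) {
            lastLogin = now;                     // register the attempt before the try
        }
        loggedIn = false;                        // old credentials dropped before login
        try {
            login.login();
            loggedIn = true;
            lastLogin = now;
            return true;
        } catch (Exception e) {
            return false;                        // e.g. timeout under heavy load
        }
    }

    public static void main(String[] args) {
        // Constructed scenario: one failed attempt, a retry 1 s later, a retry after the window.
        Login timesOut = () -> { throw new java.io.IOException("constructed timeout"); };
        Login works = () -> { };
        for (boolean before : new boolean[] {true, false}) {
            ReloginThrottleDemo ugi = new ReloginThrottleDemo(before);
            ugi.relogin(100_000L, timesOut);              // attempt fails
            boolean retry = ugi.relogin(101_000L, works); // caller retries 1 s later
            boolean later = ugi.loggedIn || ugi.relogin(160_000L, works);
            System.out.printf("stampBeforeAttempt=%b immediateRetry=%b afterWindow=%b%n",
                    before, retry, later);
        }
    }
}
```

With the timestamp set before the attempt, the model stays logged out until the window has passed, which is the behaviour the reporter describes. The stamp-on-success variant recovers at once but also lets failing logins repeat with no gap, the load the comment says the design is meant to avoid.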