[jira] [Commented] (KAFKA-3866) KerberosLogin refresh time bug and other improvements

Sat, 18 Jun 2016 16:44:55 -0700 

    [ 
https://issues.apache.org/jira/browse/KAFKA-3866?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15338276#comment-15338276
 ] 

ASF GitHub Bot commented on KAFKA-3866:
---------------------------------------

GitHub user ijuma opened a pull request:

    https://github.com/apache/kafka/pull/1522

    KAFKA-3866; KerberosLogin refresh time bug and other improvements

    * Handle correctly the case where the refresh is supposed to happen now
    * Replace `now + minTimeBeforeLogin` with `lastLogin + minTimeBeforeLogin`
    * Break from loop if there are no retries left after `reLogin` fails
    * `reLogin` no longer checks if sufficient time has elapsed as the check
    is done elsewhere when appropriate and it would incorrectly not relogin
    even if that meant that the ticket would expire
    * Removed duplicate logic in `getRefreshTime` regarding a refresh time
    that was greater than the expiry time
    * Comment and logging clean-ups
    * Add validators for a few SASL configs

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/ijuma/kafka 
kafka-3866-kerberos-login-refresh-time-bug

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/kafka/pull/1522.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1522
    
----
commit c75633a5134ca98be2427ea5dfb4a97b2706828a
Author: Ismael Juma <[email protected]>
Date:   2016-06-18T23:42:26Z

    Various fixes and improvements to KerberosLogin
    
    * Handle correctly the case where the refresh is supposed to happen now
    * Replace `now + minTimeBeforeLogin` with `lastLogin + minTimeBeforeLogin`
    * Break from loop if there are no retries left after `reLogin` fails
    * `reLogin` no longer checks if sufficient time has elapsed as the check
    is done elsewhere when appropriate and it would incorrectly not relogin
    even if that meant that the ticket would expire
    * Removed duplicate logic in `getRefreshTime` regarding a refresh time
    that was greater than the expiry time
    * Comment and logging clean-ups

commit bbddd5a654159f4c006b1c91207a76c0ed700b99
Author: Ismael Juma <[email protected]>
Date:   2016-06-18T23:42:53Z

    Add validators for a few SASL configs

----


> KerberosLogin refresh time bug and other improvements
> -----------------------------------------------------
>
>                 Key: KAFKA-3866
>                 URL: https://issues.apache.org/jira/browse/KAFKA-3866
>             Project: Kafka
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 0.10.0.0
>            Reporter: Ismael Juma
>            Assignee: Ismael Juma
>             Fix For: 0.10.0.1
>
>
> ZOOKEEPER-2295 describes a bug in the Kerberos refresh time logic that is 
> also present in our KerberosLogin class. While looking at the code, I found a 
> number of things that could be improved. More details in the PR.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to