[ https://issues.apache.org/jira/browse/KAFKA-3866?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15878152#comment-15878152 ]
Andrew Olson edited comment on KAFKA-3866 at 2/22/17 1:06 PM:
--------------------------------------------------------------

We saw the following error when setting a very low expiration time (-maxlife "30 seconds" and -maxrenewlife "90 seconds"),
{noformat}
ERROR NextRefresh: Tue Feb 21 12:42:59 CST 2017 is in the past: exiting refresh thread. Check clock sync between this host and KDC - (KDC's clock is likely ahead of this host). Manual intervention will be required for this client to successfully authenticate. Exiting refresh thread. (org.apache.kafka.common.security.kerberos.KerberosLogin)
{noformat}
Would this change fix that scenario?

> KerberosLogin refresh time bug and other improvements
> -----------------------------------------------------
>
> Key: KAFKA-3866
> URL: https://issues.apache.org/jira/browse/KAFKA-3866
> Project: Kafka
> Issue Type: Bug
> Components: security
> Affects Versions: 0.10.0.0
> Reporter: Ismael Juma
> Assignee: Ismael Juma
>
> ZOOKEEPER-2295 describes a bug in the Kerberos refresh time logic that is
> also present in our KerberosLogin class. While looking at the code, I found a
> number of things that could be improved. More details in the PR.