[
https://issues.apache.org/jira/browse/KNOX-916?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15948222#comment-15948222
]
Jeffrey E Rodriguez commented on KNOX-916:
-------------------------------------------
Knox Jaas resets "short" life (every 24 hours usually) and renew TGT when
"max life" (7 day) is reached. In your failed cluster you can do some checks on
the cached TGT using klist (max life, short life, expiration, timestamp, etc).
From there maybe we can find out the issue.
Instead of destroy test if you can reset short life with kinit -R and see if it
fixes the issue.
> When REST endpoint enables SPNEGO and there is valid kerberos ticket cache
> for knox user, REST call through knox will show 401 error
> ------------------------------------------------------------------------------------------------------------------------------------
>
> Key: KNOX-916
> URL: https://issues.apache.org/jira/browse/KNOX-916
> Project: Apache Knox
> Issue Type: Bug
> Affects Versions: 0.11.0
> Reporter: Shi Wang
> Assignee: Shi Wang
>
> For example, if webhdfs uses SPNEGO authentication, and curl through knox, su
> knoxuser and klist, if there is valid kerberos ticket cached for knoxuser,
> then it will show 401 unauthorized error. But if the cached ticket expired or
> do not have any cached ticket, could get 200 correct result.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
