[
https://issues.apache.org/jira/browse/OOZIE-2485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15231204#comment-15231204
]
Rohini Palaniswamy commented on OOZIE-2485:
-------------------------------------------
+1
> Oozie client keeps trying to use expired auth token
> ---------------------------------------------------
>
> Key: OOZIE-2485
> URL: https://issues.apache.org/jira/browse/OOZIE-2485
> Project: Oozie
> Issue Type: Bug
> Components: client, security
> Affects Versions: trunk
> Reporter: Robert Kanter
> Assignee: Robert Kanter
> Priority: Blocker
> Fix For: trunk
>
> Attachments: OOZIE-2485.001.patch
>
>
> When using Hadoop 2.4.0 or later, the Oozie client doesn't update the auth
> token when it expires. The client doesn't typically give you an error
> because it will still fallback and authenticate via Kerberos or Pseudo.
> However, this is inefficient.
> This appears to be due to HADOOP-10301, which made an incompatible change
> with how the AuthHandler tells the Authenticator when a token has expired.
> It used to give a 401 when the token expired, but now it will do SPNEGO (if
> you have Kerberos credentials) and return a new token, all in the same call.
> Oozie client's code doesn't handle that case.
> With Pseudo Auth, it behaves a little differently and you now get a 403 on
> that first call, but it doesn't give you a new token.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
