[ https://issues.apache.org/jira/browse/RANGER-1649?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16120622#comment-16120622 ]
Ramesh Mani edited comment on RANGER-1649 at 8/9/17 8:39 PM: ------------------------------------------------------------- commit link : http://git-wip-us.apache.org/repos/asf/ranger/commit/4ce27cff was (Author: rmani): http://git-wip-us.apache.org/repos/asf/ranger/commit/4ce27cff > Ranger Solr Plugin fails to refresh policy due to failure in ticket renewal > mechanism > ------------------------------------------------------------------------------------- > > Key: RANGER-1649 > URL: https://issues.apache.org/jira/browse/RANGER-1649 > Project: Ranger > Issue Type: Bug > Components: Ranger > Affects Versions: 1.0.0 > Reporter: Ramesh Mani > Assignee: Ramesh Mani > Fix For: 1.0.0 > > > Ranger Solr Plugin fails to refresh policy due to failure in ticket renewal > mechanism. > Ranger Plugin for non core Hadoop components like Solr, when it uses Hadoop > UserGroupInformation api to set/get the UGI, and this UGI is used for > Authenticated call to Download Policy / Audit to HDFS. When TGT expires there > was failure as it never got renewed. (Core components like Hdfs, hive, hbase > internally taking care of this with right keytab login and renewal ). So in > this case when we do a MiscUtil.getUGILoginUser() to get UGI at the plugin, > this call will invoke UGI.checkTGTAndReloginFromKeytab() to check and renew > the TGT. This fails if the UGI is not created with Principal/Keytab. > In this issue when authWithConfig(), it uses the just Subject() alone to > login and as a result checkTGTAndReloginFromKeytab() failed. -- This message was sent by Atlassian JIRA (v6.4.14#64029)