[
https://issues.apache.org/jira/browse/RANGER-1649?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16120622#comment-16120622
]
Ramesh Mani edited comment on RANGER-1649 at 8/9/17 8:39 PM:
-------------------------------------------------------------
commit link : http://git-wip-us.apache.org/repos/asf/ranger/commit/4ce27cff
was (Author: rmani):
http://git-wip-us.apache.org/repos/asf/ranger/commit/4ce27cff
> Ranger Solr Plugin fails to refresh policy due to failure in ticket renewal
> mechanism
> -------------------------------------------------------------------------------------
>
> Key: RANGER-1649
> URL: https://issues.apache.org/jira/browse/RANGER-1649
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Affects Versions: 1.0.0
> Reporter: Ramesh Mani
> Assignee: Ramesh Mani
> Fix For: 1.0.0
>
>
> Ranger Solr Plugin fails to refresh policy due to failure in ticket renewal
> mechanism.
> Ranger Plugin for non core Hadoop components like Solr, when it uses Hadoop
> UserGroupInformation api to set/get the UGI, and this UGI is used for
> Authenticated call to Download Policy / Audit to HDFS. When TGT expires there
> was failure as it never got renewed. (Core components like Hdfs, hive, hbase
> internally taking care of this with right keytab login and renewal ). So in
> this case when we do a MiscUtil.getUGILoginUser() to get UGI at the plugin,
> this call will invoke UGI.checkTGTAndReloginFromKeytab() to check and renew
> the TGT. This fails if the UGI is not created with Principal/Keytab.
> In this issue when authWithConfig(), it uses the just Subject() alone to
> login and as a result checkTGTAndReloginFromKeytab() failed.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
