Ramesh Mani edited comment on RANGER-1649 at 8/9/17 8:39 PM:

commit link : http://git-wip-us.apache.org/repos/asf/ranger/commit/4ce27cff

was (Author: rmani):

> Ranger Solr Plugin fails to refresh policy due to failure in ticket renewal 
> mechanism
> -------------------------------------------------------------------------------------
>                 Key: RANGER-1649
>                 URL: https://issues.apache.org/jira/browse/RANGER-1649
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>    Affects Versions: 1.0.0
>            Reporter: Ramesh Mani
>            Assignee: Ramesh Mani
>             Fix For: 1.0.0
> Ranger Solr Plugin fails to refresh policy due to failure in ticket renewal 
> mechanism.
> Ranger Plugin for non core Hadoop components like Solr, when it uses Hadoop 
> UserGroupInformation api to set/get the UGI, and this UGI is used for 
> Authenticated call to Download Policy / Audit to HDFS. When TGT expires there 
> was failure as it never got renewed. (Core components like Hdfs, hive, hbase 
> internally taking care of this with right keytab login and renewal ). So in 
> this case when we do a MiscUtil.getUGILoginUser() to get UGI at the plugin, 
> this call will invoke UGI.checkTGTAndReloginFromKeytab() to check and renew 
> the TGT. This fails if the UGI is not created with Principal/Keytab.
> In this issue when authWithConfig(), it uses the just Subject() alone to 
> login and as a result checkTGTAndReloginFromKeytab() failed. 

This message was sent by Atlassian JIRA

Reply via email to