Abhishek Kumar created RANGER-3848:
--------------------------------------
Summary: RangerClient does not auto renew Kerberos ticket after
ticket lifetime expired
Key: RANGER-3848
URL: https://issues.apache.org/jira/browse/RANGER-3848
Project: Ranger
Issue Type: Bug
Components: Ranger
Reporter: Abhishek Kumar
Assignee: Abhishek Kumar
RangerClient does not seem to auto renew Kerberos ticket after ticket lifetime
expired.
This prevents applications using RangerClient from making any requests after
the ticket lifetime (as RangerClient is instantiated once and only once upon
application startup using Kerberos principal and keytab).
Evidence from a test cluster:
First Unauthorized 401 started to appear after 24 hrs (the same as
ticket_lifetime defined in krb5.conf).
Verified that /etc/krb5.conf ticket_lifetime is 1 day:
{code:java}
[systest@random-3 ~]$ cat /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
renew_lifetime = 8d
default_realm = SOURCE7172.SITE
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 1d
forwardable = yes
...{code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
