[
https://issues.apache.org/jira/browse/RANGER-3848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17574423#comment-17574423
]
Abhishek Kumar commented on RANGER-3848:
----------------------------------------
[RR: https://reviews.apache.org/r/74080/]
> RangerClient does not auto renew Kerberos ticket after ticket lifetime expired
> ------------------------------------------------------------------------------
>
> Key: RANGER-3848
> URL: https://issues.apache.org/jira/browse/RANGER-3848
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Affects Versions: 2.3.0
> Reporter: Abhishek Kumar
> Assignee: Abhishek Kumar
> Priority: Major
>
> RangerClient does not seem to auto renew Kerberos ticket after ticket
> lifetime expired.
> This prevents applications using RangerClient from making any requests after
> the ticket lifetime (as RangerClient is instantiated once and only once upon
> application startup using Kerberos principal and keytab).
> Evidence from a test cluster:
> First Unauthorized 401 started to appear after 24 hrs (the same as
> ticket_lifetime defined in krb5.conf).
> Verified that /etc/krb5.conf ticket_lifetime is 1 day:
> {code:java}
> [systest@random-3 ~]$ cat /etc/krb5.conf
> [logging]
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmind.log
> [libdefaults]
> renew_lifetime = 8d
> default_realm = SOURCE7172.SITE
> dns_lookup_realm = false
> dns_lookup_kdc = false
> ticket_lifetime = 1d
> forwardable = yes
> ...{code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
