[jira] [Commented] (RANGER-3848) RangerClient does not auto renew Kerberos ticket after ticket lifetime expired

[Ramesh Mani (Jira)]

    [ 
https://issues.apache.org/jira/browse/RANGER-3848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17578121#comment-17578121
 ] 

Ramesh Mani commented on RANGER-3848:
-------------------------------------

[~abhi_2110]  Patch committed to 2.4 and master branch. Thanks.

> RangerClient does not auto renew Kerberos ticket after ticket lifetime expired
> ------------------------------------------------------------------------------
>
>                 Key: RANGER-3848
>                 URL: https://issues.apache.org/jira/browse/RANGER-3848
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>    Affects Versions: 2.3.0
>            Reporter: Abhishek Kumar
>            Assignee: Abhishek Kumar
>            Priority: Major
>
> RangerClient does not seem to auto renew Kerberos ticket after ticket 
> lifetime expired.
> This prevents applications using RangerClient from making any requests after 
> the ticket lifetime (as RangerClient is instantiated once and only once upon 
> application startup using Kerberos principal and keytab).
> Evidence from a test cluster:
> First Unauthorized 401 started to appear after 24 hrs (the same as 
> ticket_lifetime defined in krb5.conf).
> Verified that /etc/krb5.conf ticket_lifetime is 1 day:
> {code:java}
> [systest@random-3 ~]$ cat /etc/krb5.conf
> [logging]
>  default = FILE:/var/log/krb5libs.log
>  kdc = FILE:/var/log/krb5kdc.log
>  admin_server = FILE:/var/log/kadmind.log
> [libdefaults]
>  renew_lifetime = 8d
>  default_realm = SOURCE7172.SITE
>  dns_lookup_realm = false
>  dns_lookup_kdc = false
>  ticket_lifetime = 1d
>  forwardable = yes
> ...{code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)