----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/25555/#review53114 -----------------------------------------------------------
Ship it! Ship It! - Brock Noland On Sept. 11, 2014, 8:52 p.m., Prasad Mujumdar wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/25555/ > ----------------------------------------------------------- > > (Updated Sept. 11, 2014, 8:52 p.m.) > > > Review request for sentry and Brock Noland. > > > Bugs: SENTRY-431 > https://issues.apache.org/jira/browse/SENTRY-431 > > > Repository: sentry > > > Description > ------- > > Hive currently has a logic to renew the kerberos ticket inline during > metastore connection. The sentry DB store client is loaded via semantic hook > which happens before the metastore connection. That means if there's a long > inactive perior in HS2, the ticket will be expired and sentry connection will > fail. > This patch ensures that the ticket is renewed before every new Sentry service > connection. The Hadoop UGI api used here will relogin only if less that 20% > time left on the ticket to expire. > > > Diffs > ----- > > > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java > 6895927 > > Diff: https://reviews.apache.org/r/25555/diff/ > > > Testing > ------- > > Manucally tested on a secure cluster > > > Thanks, > > Prasad Mujumdar > >
