[
https://issues.apache.org/jira/browse/STORM-345?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Joseph Evans resolved STORM-345.
---------------------------------------
Resolution: Invalid
I hate the java implementation of kerberos. Turns out that our krb5.conf had a
setting in it that was forwardable = yes, not forwardable = true. This was
fine for the rest of kerberos, but mad java think it was not supposed to ask
for a forwardable ticket. So when it got back the renewed ticket from the KDC
something didn't match and it got very angry.
Thanks for all of your help resolving this.
> (Security) AutoTGT renewal is not working
> -----------------------------------------
>
> Key: STORM-345
> URL: https://issues.apache.org/jira/browse/STORM-345
> Project: Apache Storm (Incubating)
> Issue Type: Bug
> Reporter: Robert Joseph Evans
> Assignee: Raghavendra Nandagopal
> Labels: security
>
> AutoTGT will call tgt.refresh(); to try and renew a token, but ever time we
> try to make this work the java code blows up with some very odd errors.
> Either we need to find some configurations and document them on how to make
> this work.
> Rip out the renewal code and update the documentation to explain that the
> renewal is not supported.
> Find another way to renew the TGT (Some other library)
--
This message was sent by Atlassian JIRA
(v6.2#6252)
