[
https://issues.apache.org/jira/browse/ZOOKEEPER-1181?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13105010#comment-13105010
]
Eugene Koontz commented on ZOOKEEPER-1181:
------------------------------------------
This was a one master, 3 regionserver cluster, where the master and 2 of the
regionservers ran Quorum Peers.
> Fix problems with Kerberos TGT renewal
> --------------------------------------
>
> Key: ZOOKEEPER-1181
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1181
> Project: ZooKeeper
> Issue Type: Bug
> Components: java client, server
> Affects Versions: 3.4.0
> Reporter: Eugene Koontz
> Assignee: Eugene Koontz
> Labels: kerberos, security
> Fix For: 3.4.0
>
> Attachments: ZOOKEEPER-1181.patch, ZOOKEEPER-1181.patch
>
>
> Currently, in Zookeeper trunk, there are two problems with Kerberos TGT
> renewal:
> 1. TGTs obtained from a keytab are not refreshed periodically. They should
> be, just as those from ticket cache are refreshed.
> 2. Ticket renewal should be retried if it fails. Ticket renewal might fail if
> two or more separate processes (different JVMs) running as the same user try
> to renew Kerberos credentials at the same time.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
