[
https://issues.apache.org/jira/browse/HDFS-4548?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13596509#comment-13596509
]
Daryn Sharp commented on HDFS-4548:
-----------------------------------
Valid points. Currently webhdfs does both spnego and token auth for all
non-token operations. Maybe what I should do is make the authenticated url
stuff only be used by token operations. All other operations do not require
spnego, they just need a token. The token ops don't send data payloads, so the
retry-ability of those operations when the spnego token goes bad is not an
issue.
> Webhdfs doesn't renegotiate SPNEGO token
> ----------------------------------------
>
> Key: HDFS-4548
> URL: https://issues.apache.org/jira/browse/HDFS-4548
> Project: Hadoop HDFS
> Issue Type: Bug
> Affects Versions: 2.0.0-alpha, 3.0.0, 0.23.7
> Reporter: Daryn Sharp
> Assignee: Daryn Sharp
> Priority: Critical
> Attachments: HDFS-4548.branch-23.patch, HDFS-4548.branch-23.patch,
> HDFS-4548.patch, HDFS-4548.patch
>
>
> When the webhdfs SPNEGO token expires, the fs doesn't attempt to renegotiate
> a new SPNEGO token. This renders webhdfs unusable for daemons that are
> logged in via a keytab which would allow a new SPNEGO token to be generated.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
