[
https://issues.apache.org/jira/browse/HDFS-4548?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13620928#comment-13620928
]
Daryn Sharp commented on HDFS-4548:
-----------------------------------
bq. [...] not to commit changes that will be undo right the way.
Regarding this point, all we're debating is the 1 line I moved from renew and
cancel token into the open connection. This is to ensure that getting a token
is also using a valid TGT instead of implicitly assuming something else
refreshed the TGT. In no way did I really change the pre-existing behavior,
and it's the same long-standing behavior of hftp. Any change would be an
enhancement that shouldn't block this jira.
More info on why UGI works the way it does: The renewal thread runs for ticket
cache TGTs because it _must_ renew before the TGT expires or it's game over - a
new TGT can't be acquired without the user's creds. Keytab logins do lazy
refresh of TGTs because it can acquire a new TGT with the keytab creds.
> Webhdfs doesn't renegotiate SPNEGO token
> ----------------------------------------
>
> Key: HDFS-4548
> URL: https://issues.apache.org/jira/browse/HDFS-4548
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Affects Versions: 2.0.0-alpha, 3.0.0, 0.23.7
> Reporter: Daryn Sharp
> Assignee: Daryn Sharp
> Priority: Blocker
> Attachments: HDFS-4548.branch-23.patch, HDFS-4548.branch-23.patch,
> HDFS-4548.branch-23.patch, HDFS-4548.branch-23.patch,
> HDFS-4548.branch-23.patch, HDFS-4548.patch, HDFS-4548.patch, HDFS-4548.patch,
> HDFS-4548.patch, HDFS-4548.patch
>
>
> When the webhdfs SPNEGO token expires, the fs doesn't attempt to renegotiate
> a new SPNEGO token. This renders webhdfs unusable for daemons that are
> logged in via a keytab which would allow a new SPNEGO token to be generated.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
