Todd Lipcon created KUDU-2264:
---------------------------------
Summary: Java client should re-login from ticket cache when ticket
is expiring
Key: KUDU-2264
URL: https://issues.apache.org/jira/browse/KUDU-2264
Project: Kudu
Issue Type: Improvement
Components: client, java, security
Affects Versions: 1.6.0, 1.5.0, 1.4.0, 1.3.1
Reporter: Todd Lipcon
Assignee: Todd Lipcon
Currently, if the Kudu client is used from a thread that has no JAAS Subject
with Kerberos credentials, it will log in from the user's ticket cache (in a
configurable location).
However, if that original ticket expires, then the client will never re-read
the ticket cache. Instead, it will start to get authentication failures, even
if the underlying ticket cache on disk has been updated with new credentials.
This causes big issues in Impala -- Impala starts a thread which reacquires
tickets from its keytab and writes them into its ticket cache, but with
existing versions of Kudu, the client won't pick up these new tickets. Impala
also currently caches Kudu clients "forever". So, after 30 days (or whatever
the ticket lifetime is), Impala will become unable to query Kudu.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
