Jean-Daniel Cryans updated KUDU-2264:
    Code Review: https://gerrit.cloudera.org/#/c/9050/

> Java client should re-login from ticket cache when ticket is expiring
> ---------------------------------------------------------------------
>                 Key: KUDU-2264
>                 URL: https://issues.apache.org/jira/browse/KUDU-2264
>             Project: Kudu
>          Issue Type: Improvement
>          Components: client, java, security
>    Affects Versions: 1.3.1, 1.4.0, 1.5.0, 1.6.0
>            Reporter: Todd Lipcon
>            Assignee: Todd Lipcon
>            Priority: Critical
> Currently, if the Kudu client is used from a thread that has no JAAS Subject 
> with Kerberos credentials, it will log in from the user's ticket cache (in a 
> configurable location).
> However, if that original ticket expires, then the client will never re-read 
> the ticket cache. Instead, it will start to get authentication failures, even 
> if the underlying ticket cache on disk has been updated with new credentials.
> This causes big issues in Impala -- Impala starts a thread which reacquires 
> tickets from its keytab and writes them into its ticket cache, but with 
> existing versions of Kudu, the client won't pick up these new tickets. Impala 
> also currently caches Kudu clients "forever". So, after 30 days (or whatever 
> the ticket lifetime is), Impala will become unable to query Kudu.

This message was sent by Atlassian JIRA

Reply via email to