Github user joewitt commented on a diff in the pull request:
https://github.com/apache/nifi/pull/2360#discussion_r158575727
--- Diff:
nifi-nar-bundles/nifi-extension-utils/nifi-hadoop-utils/src/main/java/org/apache/nifi/hadoop/SecurityUtil.java
---
@@ -51,7 +50,8 @@ public static synchronized UserGroupInformation
loginKerberos(final Configuratio
Validate.notNull(keyTab);
UserGroupInformation.setConfiguration(config);
- return
UserGroupInformation.loginUserFromKeytabAndReturnUGI(principal.trim(),
keyTab.trim());
+ UserGroupInformation.loginUserFromKeytab(principal.trim(),
keyTab.trim());
--- End diff --
I think we should document in bold language precisely why this change is so
critical. That the method that was being used did not set the static
loginContext in the UGI object meant that its utility once a relogin/expiry
hits was nearly nil is critical and we should document this foreverever.
---
