[ 
https://issues.apache.org/jira/browse/ACCUMULO-4069?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15037862#comment-15037862
 ] 

ASF GitHub Bot commented on ACCUMULO-4069:
------------------------------------------

Github user ohshazbot commented on a diff in the pull request:

    https://github.com/apache/accumulo/pull/57#discussion_r46558805
  
    --- Diff: 
server/base/src/main/java/org/apache/accumulo/server/security/SecurityUtil.java 
---
    @@ -93,4 +95,41 @@ public static String getServerPrincipal(String 
configuredPrincipal) {
           throw new RuntimeException("Could not convert configured server 
principal: " + configuredPrincipal, e);
         }
       }
    +
    +  /**
    +   * Start a thread that periodically attempts to renew the current 
Kerberos user's ticket.
    +   *
    +   * @param ugi
    +   *    The current Kerberos user.
    +   * @param renewalPeriod
    +   *    The amount of time between attempting renewals.
    +   */
    +  static void startTicketRenewalThread(final UserGroupInformation ugi, 
final long renewalPeriod) {
    +    Thread t = new Daemon(new LoggingRunnable(renewalLog, new Runnable() {
    --- End diff --
    
    Can we prevent this thread from even running if there is no kerberos 
involved?


> Services failing to renew Kerberos ticket
> -----------------------------------------
>
>                 Key: ACCUMULO-4069
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-4069
>             Project: Accumulo
>          Issue Type: Bug
>          Components: gc, master, monitor, tserver
>    Affects Versions: 1.5.4, 1.6.4, 1.7.0
>            Reporter: Josh Elser
>            Assignee: Josh Elser
>            Priority: Blocker
>              Labels: kerberos
>             Fix For: 1.6.5, 1.7.1, 1.8.0
>
>
> Got a report from a user that Accumulo services were dying after a period of 
> time that was suspiciously similar to the Kerberos ticket lifetime.
> A Kerberos ticket lifetime is the amount of time that the ticket is valid 
> (obtained from password or keytab). There is also a renewable lifetime 
> associate with each ticket. Within the renewable lifetime duration, clients 
> can "renew" their ticket for another "ticket lifetime" duration. For each, a 
> lifetime of one day and a renewable lifetime of seven days: a ticket is valid 
> for one day, but clients can renew that ticket up to 6 days after the 
> original ticket expires.
> I do recall seeing a line of code in our services that has a comment saying 
> it should spawn a thread specifically for this purpose, but I don't ever 
> recall seeing that thread in thread dumps. My hunch is that the thread just 
> isn't getting launched and we're not doing renewals



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to