[
https://issues.apache.org/jira/browse/ACCUMULO-4069?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15038011#comment-15038011
]
ASF GitHub Bot commented on ACCUMULO-4069:
------------------------------------------
Github user joshelser commented on a diff in the pull request:
https://github.com/apache/accumulo/pull/57#discussion_r46572253
--- Diff:
server/base/src/main/java/org/apache/accumulo/server/security/SecurityUtil.java
---
@@ -93,4 +95,41 @@ public static String getServerPrincipal(String
configuredPrincipal) {
throw new RuntimeException("Could not convert configured server
principal: " + configuredPrincipal, e);
}
}
+
+ /**
+ * Start a thread that periodically attempts to renew the current
Kerberos user's ticket.
+ *
+ * @param ugi
+ * The current Kerberos user.
+ * @param renewalPeriod
+ * The amount of time between attempting renewals.
+ */
+ static void startTicketRenewalThread(final UserGroupInformation ugi,
final long renewalPeriod) {
+ Thread t = new Daemon(new LoggingRunnable(renewalLog, new Runnable() {
--- End diff --
`SecuityUtil#serverLogin(AccumuloConfiguration)` aborts quickly if we're
not actually running with Kerberos. So, no, this thread already won't run if
the servers aren't configured to run with Kerberos.
> Services failing to renew Kerberos ticket
> -----------------------------------------
>
> Key: ACCUMULO-4069
> URL: https://issues.apache.org/jira/browse/ACCUMULO-4069
> Project: Accumulo
> Issue Type: Bug
> Components: gc, master, monitor, tserver
> Affects Versions: 1.5.4, 1.6.4, 1.7.0
> Reporter: Josh Elser
> Assignee: Josh Elser
> Priority: Blocker
> Labels: kerberos
> Fix For: 1.6.5, 1.7.1, 1.8.0
>
>
> Got a report from a user that Accumulo services were dying after a period of
> time that was suspiciously similar to the Kerberos ticket lifetime.
> A Kerberos ticket lifetime is the amount of time that the ticket is valid
> (obtained from password or keytab). There is also a renewable lifetime
> associate with each ticket. Within the renewable lifetime duration, clients
> can "renew" their ticket for another "ticket lifetime" duration. For each, a
> lifetime of one day and a renewable lifetime of seven days: a ticket is valid
> for one day, but clients can renew that ticket up to 6 days after the
> original ticket expires.
> I do recall seeing a line of code in our services that has a comment saying
> it should spawn a thread specifically for this purpose, but I don't ever
> recall seeing that thread in thread dumps. My hunch is that the thread just
> isn't getting launched and we're not doing renewals
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)