[
https://issues.apache.org/jira/browse/ACCUMULO-4069?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15038014#comment-15038014
]
ASF GitHub Bot commented on ACCUMULO-4069:
------------------------------------------
Github user joshelser commented on a diff in the pull request:
https://github.com/apache/accumulo/pull/57#discussion_r46572392
--- Diff:
server/base/src/main/java/org/apache/accumulo/server/security/SecurityUtil.java
---
@@ -49,11 +52,10 @@ public static void serverLogin(AccumuloConfiguration
acuConf) {
if (login(principalConfig, keyTab)) {
try {
- // This spawns a thread to periodically renew the logged in
(accumulo) user
- UserGroupInformation.getLoginUser();
+ startTicketRenewalThread(UserGroupInformation.getCurrentUser(),
acuConf.getTimeInMillis(Property.GENERAL_KERBEROS_RENEWAL_PERIOD));
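Review bot: the added startTicketRenewalThread(...) call is handed UserGroupInformation.getCurrentUser(), while the credentials this block has just established come from login(principalConfig, keyTab) and the removed line referred to getLoginUser(). getCurrentUser() resolves against the calling security context and only falls back to the login user when no other subject is active, so passing getLoginUser() would make it explicit that the keytab login is the one being kept fresh. The deleted comment was the only statement of intent here, so a replacement comment on the new call would help. A check that the value read from Property.GENERAL_KERBEROS_RENEWAL_PERIOD is positive before the thread is started would also help, unless startTicketRenewalThread already enforces that (not visible in this hunk).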
--- End diff --
> Do we want to start with UserGroupInformation.getCurrentUser
I'm not sure what you mean by "start with". It's just a getter -- there is
no renewal for keytab-based logins.
> Services failing to renew Kerberos ticket
> -----------------------------------------
>
> Key: ACCUMULO-4069
> URL: https://issues.apache.org/jira/browse/ACCUMULO-4069
> Project: Accumulo
> Issue Type: Bug
> Components: gc, master, monitor, tserver
> Affects Versions: 1.5.4, 1.6.4, 1.7.0
> Reporter: Josh Elser
> Assignee: Josh Elser
> Priority: Blocker
> Labels: kerberos
> Fix For: 1.6.5, 1.7.1, 1.8.0
>
>
> Got a report from a user that Accumulo services were dying after a period of
> time that was suspiciously similar to the Kerberos ticket lifetime.
>
> A Kerberos ticket lifetime is the amount of time that the ticket is valid
> (obtained from password or keytab). There is also a renewable lifetime
> associated with each ticket. Within the renewable lifetime duration, clients
> can "renew" their ticket for another "ticket lifetime" duration. For each, a
> lifetime of one day and a renewable lifetime of seven days: a ticket is valid
> for one day, but clients can renew that ticket up to 6 days after the
> original ticket expires.
>
> I do recall seeing a line of code in our services that has a comment saying
> it should spawn a thread specifically for this purpose, but I don't ever
> recall seeing that thread in thread dumps. My hunch is that the thread just
> isn't getting launched and we're not doing renewals.
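
As an added illustration (not code from the Accumulo patch or from anyone in this thread), a long-running Java service that logged in from a keytab can keep its credentials fresh by periodically calling Hadoop's `UserGroupInformation.checkTGTAndReloginFromKeytab()`. The class name, thread name, period and command-line arguments are assumptions, and the sketch assumes Kerberos authentication is enabled in the Hadoop configuration.

```java
import java.io.IOException;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;

import org.apache.hadoop.security.UserGroupInformation;

/** Added example (hypothetical class): periodic keytab re-login for a service. */
public class KeytabReloginExample {

  /** Starts a named daemon thread so the task is easy to spot in thread dumps. */
  static ScheduledExecutorService startRelogin(UserGroupInformation loginUser, long periodMillis) {
    if (periodMillis <= 0) {
      throw new IllegalArgumentException("re-login period must be positive: " + periodMillis);
    }
    if (!loginUser.isFromKeytab()) {
      throw new IllegalStateException(loginUser + " was not logged in from a keytab");
    }
    ScheduledExecutorService pool = Executors.newSingleThreadScheduledExecutor(r -> {
      Thread t = new Thread(r, "kerberos-relogin"); // assumed thread name
      t.setDaemon(true);
      return t;
    });
    pool.scheduleAtFixedRate(() -> {
      try {
        // Does nothing until the TGT is expired or close to expiry, then logs in again.
        loginUser.checkTGTAndReloginFromKeytab();
      } catch (IOException | RuntimeException e) {
        // An exception escaping this task would silently cancel every later run,
        // so report it and let the next tick retry.
        System.err.println("Kerberos re-login failed, will retry: " + e);
      }
    }, periodMillis, periodMillis, TimeUnit.MILLISECONDS);
    return pool;
  }

  public static void main(String[] args) throws IOException {
    // args[0] = service principal, args[1] = keytab path (supplied by the operator)
    UserGroupInformation.loginUserFromKeytab(args[0], args[1]);
    // Use the login user explicitly: it is the identity that holds the keytab credentials.
    startRelogin(UserGroupInformation.getLoginUser(), TimeUnit.SECONDS.toMillis(30));
    // Service work continues here; the daemon thread ends with the JVM.
  }
}
```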