Todd Lipcon has posted comments on this change. Change subject: KUDU-1845: Kerberos client keytab should be periodically renewed ......................................................................
Patch Set 6: (2 comments) http://gerrit.cloudera.org:8080/#/c/5820/6/src/kudu/security/init.cc File src/kudu/security/init.cc: PS6, Line 189: KRB5_RETURN_NOT_OK_PREPEND(krb5_cc_default(krb5_ctx_, new_ccache), : "unable to get default credentials cache"); I'm not sure this is accomplishing what we want. Doesn't this just end up with krb5_ccache pointing at the same ticket cache that the old one was, rather than creating a new one? Line 248: int32_t interval = creds.times.endtime - time(nullptr); isn't it possible that the renewal time changes when we renew the ticket? maybe we should recalculate our "next renewal time" every time we renew? -- To view, visit http://gerrit.cloudera.org:8080/5820 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: comment Gerrit-Change-Id: Ic4c072c1210216369e60eac88be4a20d9b166b2d Gerrit-PatchSet: 6 Gerrit-Project: kudu Gerrit-Branch: master Gerrit-Owner: Sailesh Mukil <sail...@cloudera.com> Gerrit-Reviewer: Adar Dembo <a...@cloudera.com> Gerrit-Reviewer: Kudu Jenkins Gerrit-Reviewer: Sailesh Mukil <sail...@cloudera.com> Gerrit-Reviewer: Tidy Bot Gerrit-Reviewer: Todd Lipcon <t...@apache.org> Gerrit-HasComments: Yes