Alexey Serbin has posted comments on this change. Change subject: [security] fixed shortened TSK validity interval ......................................................................
Patch Set 1: > Hey Alexey. That link isn't publicly accessible, maybe worth > explaining what the problem is? > > IIRC this patch basically fixes it so that the default is the > proper 7 days instead of an accidental 6 days. I don't see a big > benefit to making this backport, since the real fix is to do the > automatic renewal which is added in later versions, but maybe I'm > missing something. Yep, the link is not publicly accessible -- that's my bad (and I don't know how to update that comment if using just gerrit itself). In short, the link points to a discussion for a couple of issues as it's seen when using the Kudu Java client. The first issue was the absence of automatic authn token re-acquisition in the Java client, and the second issue was the invalidation of an authn token due to the expiration of its signing key. The first issue is the client-side one, and the second is the server-side misconfiguration-like bug. You are right -- since the former issue is addressed in 603c1578, the automatic authn token re-acquisition is also triggered when the latter manifests itself. So, from the Kudu client's perspective, it's only necessary to pick up changelist 603c1578 to handle both issues automatically. -- To view, visit http://gerrit.cloudera.org:8080/7411 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: comment Gerrit-Change-Id: I84f9789276c4b48a3ba5274393fe30c8bf3ea85d Gerrit-PatchSet: 1 Gerrit-Project: kudu Gerrit-Branch: branch-1.3.x Gerrit-Owner: Alexey Serbin <aser...@cloudera.com> Gerrit-Reviewer: Alexey Serbin <aser...@cloudera.com> Gerrit-Reviewer: Dan Burkert <danburk...@apache.org> Gerrit-Reviewer: Jean-Daniel Cryans <jdcry...@apache.org> Gerrit-Reviewer: Kudu Jenkins Gerrit-Reviewer: Todd Lipcon <t...@apache.org> Gerrit-HasComments: No