Sailesh Mukil has abandoned this change. Change subject: [security] avoid tickets with NULL 'renew_till' ......................................................................
Abandoned Turns out that this patch makes the issue mentioned in the commit message less severe, but still hits it occasionally. The reason is that if the Kudu side renew tickets, the Java side (from hadoop-common in my testing) could also have its own renewal thread working on the same credential cache. And even if we're careful with our renewals, the java side could renew outside the ideal window that we're trying to maintain. The only other way to work around this is to always reacquire instead of renew, thereby not giving a chance for the Java side renewal thread to renew outside this ideal window, as our reacquisition of the ticket would always reset the window for the new ticket in the credential cache. Also, we don't have anything to gain in terms of performance or security from renewing vs. reacquiring when we login from a keytab. I will put out another patch which removes the renewal code and only always reacquires. -- To view, visit http://gerrit.cloudera.org:8080/7770 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: abandon Gerrit-Change-Id: I59194af94838f680df4ce121a8dee526a876e369 Gerrit-PatchSet: 3 Gerrit-Project: kudu Gerrit-Branch: master Gerrit-Owner: Sailesh Mukil <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Kudu Jenkins Gerrit-Reviewer: Sailesh Mukil <[email protected]> Gerrit-Reviewer: Todd Lipcon <[email protected]>
