[ https://issues.apache.org/jira/browse/HADOOP-17159?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mingliang Liu resolved HADOOP-17159. ------------------------------------ Fix Version/s: 2.10.1 Hadoop Flags: Reviewed Resolution: Fixed Committed to 2.10.1 and 3.1.5+ see "Fix Version/s". Thank you for your contribution, [~sandeep.guggilam] > Make UGI support forceful relogin from keytab ignoring the last login time > -------------------------------------------------------------------------- > > Key: HADOOP-17159 > URL: https://issues.apache.org/jira/browse/HADOOP-17159 > Project: Hadoop Common > Issue Type: Improvement > Components: security > Affects Versions: 2.10.0, 3.3.0, 3.2.1, 3.1.3 > Reporter: Sandeep Guggilam > Assignee: Sandeep Guggilam > Priority: Major > Fix For: 3.2.2, 2.10.1, 3.3.1, 3.4.0, 3.1.5 > > Time Spent: 40m > Remaining Estimate: 0h > > Currently we have a relogin() method in UGI which attempts to login if there > is no login attempted in the last 10 minutes or configured amount of time > We should also have provision for doing a forceful relogin irrespective of > the time window that the client can choose to use it if needed . Consider the > below scenario: > # SASL Server is reimaged and new keytabs are fetched with refreshing the > password > # SASL client connection to the server would fail when it tries with the > cached service ticket > # We should try to logout to clear the service tickets in cache and then try > to login back in such scenarios. But since the current relogin() doesn't > guarantee a login, it could cause an issue > # A forceful relogin in this case would help after logout > -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-dev-h...@hadoop.apache.org