[ https://issues.apache.org/jira/browse/HBASE-24768?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Geoffrey Jacoby resolved HBASE-24768. ------------------------------------- Fix Version/s: 1.7.0 Resolution: Fixed This JIRA was merged back in October 2020 and seems to have been included in 1.7.0, but wasn't resolved and didn't have a Fix Version. > Clear cached service kerberos ticket in case of SASL failures thrown from > server side > ------------------------------------------------------------------------------------- > > Key: HBASE-24768 > URL: https://issues.apache.org/jira/browse/HBASE-24768 > Project: HBase > Issue Type: Bug > Reporter: Sandeep Guggilam > Priority: Major > Fix For: 1.7.0 > > > We setup a SASL connection using different mechanisms like Digest, Kerberos > from master to RS for various activities like region assignment etc. In case > of SASL connect failures, we try to dispose of the SaslRpcClient and try to > relogin from the keytab on the client side. However the relogin from keytab > method doesn't clear off the service ticket cached in memory unless TGT is > about to expire within a timeframe. > This actually causes an issue where there is a keytab refresh that happens > because of expiry on the RS server and throws a SASL connect error when > Master reaches out to the RS server with the cached service ticket that no > longer works with the new refreshed keytab. We might need to clear off the > service ticket cached as there could be a credential refresh on the RS server > side when handling connect failures -- This message was sent by Atlassian Jira (v8.20.10#820010)