[
https://issues.apache.org/jira/browse/HBASE-24768?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Geoffrey Jacoby resolved HBASE-24768.
-------------------------------------
Fix Version/s: 1.7.0
Resolution: Fixed
This JIRA was merged back in October 2020 and seems to have been included in
1.7.0, but wasn't resolved and didn't have a Fix Version.
> Clear cached service kerberos ticket in case of SASL failures thrown from
> server side
> -------------------------------------------------------------------------------------
>
> Key: HBASE-24768
> URL: https://issues.apache.org/jira/browse/HBASE-24768
> Project: HBase
> Issue Type: Bug
> Reporter: Sandeep Guggilam
> Priority: Major
> Fix For: 1.7.0
>
>
> We setup a SASL connection using different mechanisms like Digest, Kerberos
> from master to RS for various activities like region assignment etc. In case
> of SASL connect failures, we try to dispose of the SaslRpcClient and try to
> relogin from the keytab on the client side. However the relogin from keytab
> method doesn't clear off the service ticket cached in memory unless TGT is
> about to expire within a timeframe.
> This actually causes an issue where there is a keytab refresh that happens
> because of expiry on the RS server and throws a SASL connect error when
> Master reaches out to the RS server with the cached service ticket that no
> longer works with the new refreshed keytab. We might need to clear off the
> service ticket cached as there could be a credential refresh on the RS server
> side when handling connect failures
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
