thanks! it makes sense to use loginUserFromKeytab initially and then checkTGTAndReloginFromKeytab or reloginFromKeytab periodically. i will try to find the usage of these in the code for the services such as namenode (a quick grep doesnt show these relogin functions being called...)
On Sun, Jun 29, 2014 at 8:52 PM, Geoff Thompson <[email protected]> wrote: > Hi Koert, > > I don’t have an example. However, perhaps class > org.apache.hadoop.security.UserGroupInformation has what you need. Some > relevant methods are: > reloginFromKeytab() > reloginFromTicketCache() > loginUserFromKeytab(String user, String path) > > Geoff > > On Jun 29, 2014, at 5:50 PM, Koert Kuipers <[email protected]> wrote: > > how do long lived services such as the namenode or yarn resourcemanager > deal with kerberos ticket expiration for the user that runs the service? > > do they periodically renew/refresh their tickets by calling > SecurityUtil.login(conf, keytab, user, host)? > > where can i find an example the code that handles this (in NameNode.java > its easy to find the initial login but i cannot find the code that handles > with expiration/renewal/refresh of tickets)? > > thanks! koert > > >
