That's correct, it works because after the initial attempt to use the token fails (due to the timeout and the renewal timeout), a new Kerberos login using the keytab is initiated for the request.
For the difference: "renewal of ticket" is an action that happens within the Kerberos protocol using a token within that protocol to ask for the authorization to be extended for more time; "reloginFromKey" initiates a new Kerberos ticket request (when needed) to get an access token.

This talk from our Josh Elser at HBaseCon East 2016 provides a good overview of Kerberos in general and its use in Hadoop / HBase:

https://youtu.be/bJh6m5Od3jE

On Tue, Dec 27, 2016 at 11:38 AM, Paramesh Nc <[email protected]> wrote:

> Dear All,
>
> I am running a program which fetches the records from the secured
> (Kerberized) HBase.
>
> And the user principal I am using in my program has a maximum life of 30 seconds
> and a maximum renewal life of 1 minute.
>
> And I am actually doing an experiment in the test program to understand how
> auto renewal works in Hadoop.
>
> When I am making the thread sleep for every one minute before fetching the
> records, it is able to fetch the records.
>
> My question here, even though auto renewal of the ticket is working fine:
>
> Since the maximum renewable lifetime is 1 minute, when I make the thread
> sleep for a minute and then fetch the records, it is still able to fetch the
> records. How come this is possible, as it violates the basic definition of
> the maximum renewable lifetime of a ticket?
>
> Is it because whenever it performs the reloginFromKeyTab before making an
> RPC call, the lifetime of the ticket is getting refreshed and advanced to the
> future time, i.e. the current renewal time + maximum lifetime?
>
> And what is the difference between renewal of ticket and reloginFromKey?
>
> Thanks in advance,
>
> Param.

--
busbey
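
The timeline discussed in this thread, as an added example that is not part of the original messages and is not Hadoop code: a simplified model of ticket renewal versus a fresh keytab login, using the 30-second lifetime and 1-minute renewable life from the question. `ToyKdc`, `Tgt` and `ticket_for_request` are hypothetical names, and time is plain integer seconds.

```python
from dataclasses import dataclass

MAX_LIFE = 30         # ticket lifetime in seconds (value from the question)
MAX_RENEW_LIFE = 60   # maximum renewable life in seconds (value from the question)

class RenewalRefused(Exception):
    pass

@dataclass(frozen=True)
class Tgt:
    auth_time: int    # when the keytab login that produced this ticket happened
    end_time: int     # ticket is unusable from this time on
    renew_till: int   # no renewal can push end_time past this

class ToyKdc:
    """Hypothetical stand-in for a KDC (assumption, not a real API)."""

    def login_from_keytab(self, now):
        # Fresh authentication with the long-term key: a brand-new ticket.
        return Tgt(now, now + MAX_LIFE, now + MAX_RENEW_LIFE)

    def renew(self, tgt, now):
        # Renewal presents the current ticket, so it must still be valid.
        if now >= tgt.end_time:
            raise RenewalRefused("ticket already expired")
        # Same ticket lineage: end_time moves forward but is capped by renew_till.
        return Tgt(tgt.auth_time, min(now + MAX_LIFE, tgt.renew_till), tgt.renew_till)

def ticket_for_request(kdc, tgt, now):
    """Return (ticket, action) for a client that holds a keytab."""
    if now < tgt.end_time:
        return tgt, "reuse"
    try:
        return kdc.renew(tgt, now), "renew"
    except RenewalRefused:
        # Not a renewal: a new login, with its own lifetime and renew_till.
        return kdc.login_from_keytab(now), "relogin"

def run_timeline():
    kdc = ToyKdc()
    first = kdc.login_from_keytab(0)   # valid until 30, renewable until 60
    r1 = kdc.renew(first, 25)          # valid until 55
    r2 = kdc.renew(r1, 50)             # capped at 60, not 80
    final, action = ticket_for_request(kdc, r2, 65)  # client slept past 60
    return first, r1, r2, final, action

if __name__ == "__main__":
    for item in run_timeline():
        print(item)
```

The ticket obtained at t=65 has a new `auth_time` and a new `renew_till`, so the first ticket's renewable lifetime was never extended.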
