[
https://issues.apache.org/jira/browse/KUDU-3050?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tim Armstrong resolved KUDU-3050.
---------------------------------
Fix Version/s: 1.12.0
Resolution: Fixed
> Recover gracefully from corrupt kerberos credential cache
> ---------------------------------------------------------
>
> Key: KUDU-3050
> URL: https://issues.apache.org/jira/browse/KUDU-3050
> Project: Kudu
> Issue Type: Improvement
> Components: security
> Affects Versions: 1.11.1
> Reporter: Tim Armstrong
> Assignee: Tim Armstrong
> Priority: Major
> Fix For: 1.12.0
>
>
> This was originally filed as IMPALA-9359, but the code is copied from Kudu.
> The proposed change is to ensure that the kerberos renewal thread (running
> the RenewThread() function) can recover if the kerberos credential cache is
> corrupted. We saw this scenario once where /tmp filled up, the cache file was
> somehow corrupted, and the daemon got wedged, unable to establish connections
> once its tickets expired.
> I prototyped a fix where it reruns Kinit() to reinitialize the cache when it
> encounters an error opening the cache.
> We may also want to adjust the backoff algorithm (since it backs off
> exponentially with no real upper bound) and improve logging so that there is
> more visibility into how the renewal thread is backing off.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
