From e115da39df0617037b014347da4413e0ce7577c6 Mon Sep 17 00:00:00 2001
From: Slim
Date: Mon, 20 Nov 2017 04:03:39 -0800
Subject: [PATCH] Add relogin logic to renew the Kerberos TGT once it expire (#5096)
* Kerberos TGT will expire after some pre-determined time, this patch add relogin calls
Change-Id: I17ccb9b42aa3032de5d28c8c21e4ffbe8222b815
* exit if the first login passed
Change-Id: Ifefd5e9e0dd7d07b05cc493ab1f72415de557ec2
---
 .../druid/security/kerberos/DruidKerberosUtil.java | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/extensions-core/druid-kerberos/src/main/java/io/druid/security/kerberos/DruidKerberosUtil.java b/extensions-core/druid-kerberos/src/main/java/io/druid/security/kerberos/DruidKerberosUtil.java
index 1487e76d585..f7abbbbdb57 100644
--- a/extensions-core/druid-kerberos/src/main/java/io/druid/security/kerberos/DruidKerberosUtil.java
+++ b/extensions-core/druid-kerberos/src/main/java/io/druid/security/kerberos/DruidKerberosUtil.java
@@ -99,10 +99,22 @@ public class DruidKerberosUtil
 conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
 UserGroupInformation.setConfiguration(conf);
 try {
+ //login for the first time.
 if (UserGroupInformation.getCurrentUser().hasKerberosCredentials() == false
 || !UserGroupInformation.getCurrentUser().getUserName().equals(internalClientPrincipal)) {
 log.info("trying to authenticate user [%s] with keytab [%s]", internalClientPrincipal, internalClientKeytab);
 UserGroupInformation.loginUserFromKeytab(internalClientPrincipal, internalClientKeytab);
+ return;
+ }
+ //try to relogin in case the TGT expired
+ if (UserGroupInformation.isLoginKeytabBased()) {
+ log.info("Re-Login from key tab [%s] with principal [%s]", internalClientKeytab, internalClientPrincipal);
+ UserGroupInformation.getLoginUser().checkTGTAndReloginFromKeytab();
+ return;
+ } else if (UserGroupInformation.isLoginTicketBased()) {
+ log.info("Re-Login from Ticket cache");
+ UserGroupInformation.getLoginUser().reloginFromTicketCache();
+ return;
 }
 }
 catch (IOException e) {
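Review bot: The two new `log.info` calls in the relogin branches run on every call that gets past the first-login check, and they announce a "Re-Login" even though `checkTGTAndReloginFromKeytab()` only renews when the TGT is expired or close to expiry, so the log can record renewals that never happened. If this method runs per outgoing request (the caller is not visible here), those lines would bury the real authentication events an operator looks for; consider `log.debug("Checking TGT for principal [%s] (keytab [%s]), re-login only if close to expiry", internalClientPrincipal, internalClientKeytab);` and the same level in the ticket-cache branch. The first-login check reads `getCurrentUser()` while the renewal acts on `getLoginUser()`, and the two can differ inside a `doAs`, so a comment such as `// relogin always targets the process login user, which is expected to be internalClientPrincipal` would make the assumed identity explicit. The enclosing method starts before the hunk and its `catch` body continues after it.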