Apache
/
druid
mirror of https://github.com/apache/druid.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add relogin logic to renew the Kerberos TGT once it expire (#5096) 

* Kerberos TGT will expire after some pre-determined time, this patch add relogin calls

Change-Id: I17ccb9b42aa3032de5d28c8c21e4ffbe8222b815

* exit if the first login passed

Change-Id: Ifefd5e9e0dd7d07b05cc493ab1f72415de557ec2
This commit is contained in:
Slim 2017-11-20 04:03:39 -08:00 committed by Nishant Bangarwa
parent 50140ce820
commit e115da39df
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
extensions-core/druid-kerberos/src/main/java/io/druid/security/kerberos/DruidKerberosUtil.java
View File

@ -99,10 +99,22 @@ public class DruidKerberosUtil
conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
UserGroupInformation.setConfiguration(conf);
try {
//login for the first time.
if (UserGroupInformation.getCurrentUser().hasKerberosCredentials() == false
|| !UserGroupInformation.getCurrentUser().getUserName().equals(internalClientPrincipal)) {
log.info("trying to authenticate user [%s] with keytab [%s]", internalClientPrincipal, internalClientKeytab);
UserGroupInformation.loginUserFromKeytab(internalClientPrincipal, internalClientKeytab);
return;
}
//try to relogin in case the TGT expired
if (UserGroupInformation.isLoginKeytabBased()) {
log.info("Re-Login from key tab [%s] with principal [%s]", internalClientKeytab, internalClientPrincipal);
UserGroupInformation.getLoginUser().checkTGTAndReloginFromKeytab();
return;
} else if (UserGroupInformation.isLoginTicketBased()) {
log.info("Re-Login from Ticket cache");
UserGroupInformation.getLoginUser().reloginFromTicketCache();
return;
}
}
catch (IOException e) {