From c6f68a7f98c35bef3a9cf4c71f19c249612618e9 Mon Sep 17 00:00:00 2001
From: Xiaoyu Yao <xyao@apache.org>
Date: Mon, 28 Dec 2015 10:41:26 -0800
Subject: [PATCH] HADOOP-12559. KMS connection failures should trigger TGT
 renewal. Contributed by Zhe Zhang.

Conflicts:
	hadoop-common-project/hadoop-common/CHANGES.txt
---
 .../org/apache/hadoop/crypto/key/kms/KMSClientProvider.java     | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java
index 149424fb87d..ea50d213af6 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/crypto/key/kms/KMSClientProvider.java
@@ -474,6 +474,8 @@ private HttpURLConnection createConnection(final URL url, String method)
           UserGroupInformation.AuthenticationMethod.PROXY)
                               ? currentUgi.getShortUserName() : null;
 
+      // check and renew TGT to handle potential expiration
+      actualUgi.checkTGTAndReloginFromKeytab();
       // creating the HTTP connection using the current UGI at constructor time
       conn = actualUgi.doAs(new PrivilegedExceptionAction<HttpURLConnection>() {
         @Override