Skip to content
This repository has been archived by the owner. It is now read-only.
Permalink
Browse files
FALCON-2025 Periodic revalidation of kerberos credentials should be d…
…one on loginUser

Author: bvellanki <bvellanki@hortonworks.com>

Reviewers: "sandeepSamudrala <sandysmdl@gmail.com>, Praveen Adlakha <adlakha.praveen@gmail.com>, Sowmya Ramesh <sowmya_kr@apache.org>, Venkat Ranganathan <venkat@hortonworks.com>"

Closes #183 from bvellanki/FALCON-2025

(cherry picked from commit 00a07d5)
Signed-off-by: bvellanki <bvellanki@hortonworks.com>
  • Loading branch information
bvellanki committed Jun 14, 2016
1 parent df6b53c commit 11ca2a0eb51821a03bd31b192c89e36530fb0961
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 7 deletions.
@@ -262,7 +262,9 @@ private void validateInputs(UserGroupInformation ugi, final URI uri,

try {
if (UserGroupInformation.isSecurityEnabled()) {
ugi.checkTGTAndReloginFromKeytab();
LOG.debug("Revalidating Auth Token with auth method {}",
UserGroupInformation.getLoginUser().getAuthenticationMethod().name());
UserGroupInformation.getLoginUser().checkTGTAndReloginFromKeytab();
}
} catch (IOException ioe) {
throw new FalconException("Exception while getting FileSystem. Unable to check TGT for user "
@@ -67,6 +67,7 @@ public class AuthenticationInitializationService implements FalconService {

private Timer timer = new Timer();
private static final String SERVICE_NAME = "Authentication initialization service";
private static final long DEFAULT_VALIDATE_FREQUENCY_SECS = 86300;

@Override
public String getName() {
@@ -83,8 +84,13 @@ public void init() throws FalconException {
String authTokenValidity = StartupProperties.get().getProperty(AUTH_TOKEN_VALIDITY_SECONDS);
long validateFrequency;
try {
// -100 so that revalidation is done before expiry.
validateFrequency = (StringUtils.isNotEmpty(authTokenValidity))
? Long.parseLong(authTokenValidity) : 86400;
? (Long.parseLong(authTokenValidity) - 100) : DEFAULT_VALIDATE_FREQUENCY_SECS;
if (validateFrequency < 0) {
throw new NumberFormatException("Value provided for startup property \""
+ AUTH_TOKEN_VALIDITY_SECONDS + "\" should be greater than 100.");
}
} catch (NumberFormatException nfe) {
throw new FalconException("Invalid value provided for startup property \""
+ AUTH_TOKEN_VALIDITY_SECONDS + "\", please provide a valid long number", nfe);
@@ -149,12 +155,12 @@ private static class TokenValidationThread extends TimerTask {
@Override
public void run() {
try {
LOG.info("Validating Auth Token: {}", new Date());
initializeKerberos();
LOG.debug("Revalidating Auth Token at : {} with auth method {}", new Date(),
UserGroupInformation.getLoginUser().getAuthenticationMethod().name());
UserGroupInformation.getLoginUser().checkTGTAndReloginFromKeytab();
} catch (Throwable t) {
LOG.error("Error in Auth Token Validation task: ", t);
GenericAlert.initializeKerberosFailed(
"Exception in Auth Token Validation : ", t);
LOG.error("Error in Auth Token revalidation task: ", t);
GenericAlert.initializeKerberosFailed("Exception in Auth Token revalidation : ", t);
}
}
}

0 comments on commit 11ca2a0

Please sign in to comment.