ZOOKEEPER-1181 : Fix problems with Kerberos TGT renewal
Review Request #1958 - Created Sept. 19, 2011 and updated
Currently, in Zookeeper trunk, there are two problems with Kerberos TGT renewal: 1. TGTs obtained from a keytab are not refreshed periodically. They should be, just as those from ticket cache are refreshed. 2. Ticket renewal should be retried if it fails. Ticket renewal might fail if two or more separate processes (different JVMs) running as the same user try to renew Kerberos credentials at the same time.
Have tested this with a Kerberized HBase/Hadoop cluster on Amazon EC2. Tested with a short Kerberos ticket life (modprinc -maxlife "5 minutes") for zookeeper server and clients. Tested with zookeeper server using a keytab and zookeeper client with ticket cache. Ran YCSB on HBase successfully on a one master, 3 regionserver cluster, where the master and 2 of the regionservers ran Quorum Peers.