Just a short followup about the HUE kt_renewer issue I discovered. It turns out that the issue was me and not HUE.
The fix turned out to be pretty simple once I saw the clue in a related issue. It seems like Cloudera Manager had the same issue.
The problem ended up being a missing “renew_lifetime” setting in [libdefaults] section of my krb5.conf files.
Without renew_lifetime set:
$ kinit Password for me@EXAMPLE.NET: $ klist Ticket cache: FILE:/tmp/krb5cc_2108 Default principal: me@EXAMPLE.NET Valid starting Expires Service principal 04/17/14 14:50:58 04/20/14 14:50:58 krbtgt/EXAMPLE.NET@EXAMPLE.NET $ kdestroy
With renew_lifetime set:
$ kinit
Password for me@EXAMPLE.NET:
$ klist
Ticket cache: FILE:/tmp/krb5cc_2108
Default principal: me@EXAMPLE.NET
Valid starting Expires Service principal
04/17/14 14:51:19 04/20/14 14:51:19 krbtgt/EXAMPLE.NET@EXAMPLE.NET
renew until 04/24/14 14:51:19
I think what happened was that I was expecting max_renewable_lifetime to do the renewal auto-request. I had tried just renewal, but that seems like it’s not valid for Linux MIT Kerberos (although it appears fine for Solaris).
Ultimately, my [libdefaults] now looks like this:
[libdefaults]
ticket_lifetime = 3d
max_renewable_life = 7d
renewal_lifetime = 7d
Travis Campbell is a seasoned Linux Systems Engineer with nearly two decades of experience, ranging from dozens to tens of thousands of systems in the semiconductor industry, higher education, and high volume sites on the web. His current focus is on High Performance Computing, Big Data environments, and large scale web architectures.