HADOOP-7091. reloginFromKeytab() should happen even if TGT can't be found. Contribued by Kan Zhang.

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1057455 13f79535-47bb-0310-9956-ffa450edef68

Author: jghoman

CHANGES.txt

@@ -56,6 +56,9 @@ Trunk (unreleased changes)
     HADOOP-6939. Inconsistent lock ordering in
     AbstractDelegationTokenSecretManager. (Todd Lipcon via tomwhite)
 
+    HADOOP-7091. reloginFromKeytab() should happen even if TGT can't be found.
+    (Kan Zhang via jghoman)
+
 Release 0.22.0 - Unreleased
 
   INCOMPATIBLE CHANGES

src/java/org/apache/hadoop/security/UserGroupInformation.java

@@ -526,7 +526,7 @@ public boolean isFromKeytab() {
    * Get the Kerberos TGT
    * @return the user's TGT or null if none was found
    */
-  private KerberosTicket getTGT() {
+  private synchronized KerberosTicket getTGT() {
     Set<KerberosTicket> tickets = subject
         .getPrivateCredentials(KerberosTicket.class);
     for (KerberosTicket ticket : tickets) {
@@ -657,20 +657,21 @@ public synchronized void reloginFromKeytab()
          !isKeytab)
       return;
 
-    KerberosTicket tgt = getTGT();
-    if (tgt == null) {
+    long now = System.currentTimeMillis();
+    if (!hasSufficientTimeElapsed(now)) {
       return;
     }
+
+    KerberosTicket tgt = getTGT();
     //Return if TGT is valid and is not going to expire soon.
-    if (System.currentTimeMillis() < getRefreshTime(tgt)) {
+    if (tgt != null && now < getRefreshTime(tgt)) {
       return;
     }
 
     LoginContext login = getLogin();
     if (login == null || keytabFile == null) {
       throw new IOException("loginUserFromKeyTab must be done first");
     }
-    long now = System.currentTimeMillis();
 
     long start = 0;
     // register most recent relogin attempt