In our NiFi flow we use PutHDFS to store data file in HDFS & PutHiveQL processors to perform INSERT/ALTER actions against Hive tables. We have multiple PutHDFS & PutHiveQL processors in the flow. However the all the PutHiveQL processor will refer to a common HiveConnectionPool controller services. Also our environment is kerberized & hence we use Kerberos Principal & Keytab information in PutHDFS & HiveConnectionPool controller services.
As per security policy, the account password gets updated every 30 days & a new Keytab has to be generated.
All our NiFi flows will be running 24x7. What we have observed is that, when there is a update to the password & before the new Keytab is getting placed, the HDFS & PutHiveQL processors continuously runs with the older Keytab information(since we have connected the Failure relation back to the processor itself) and it locks the account(Active Directory account).
We would like to get answers' for the below queries,
1. Is Account's password getting locked due to continuous retry a valid scenario? 2. Is there any way to make sure the password does not get locked if the processors try with an incorrect Keytab information?