[kudu-CR] Support SPNEGO for web server

Thu, 06 Jun 2019 22:17:56 -0700 

Todd Lipcon has posted comments on this change. ( 
http://gerrit.cloudera.org:8080/13341 )

Change subject: Support SPNEGO for web server
......................................................................


Patch Set 3:

(3 comments)

http://gerrit.cloudera.org:8080/#/c/13341/3/src/kudu/server/webserver.cc
File src/kudu/server/webserver.cc:

http://gerrit.cloudera.org:8080/#/c/13341/3/src/kudu/server/webserver.cc@144
PS3, Line 144: wlil
> nit: will
Done


http://gerrit.cloudera.org:8080/#/c/13341/4/src/kudu/server/webserver.cc
File src/kudu/server/webserver.cc:

http://gerrit.cloudera.org:8080/#/c/13341/4/src/kudu/server/webserver.cc@287
PS4, Line 287:   if (opts_.require_spnego) {
> IIRC, there is some sequence of searching for the server-side keytab.  Coul
I believe at this point the --keytab_file is already propagated into 
$KRB5_KTNAME by security::InitKerberosForServer. I think we could customize the 
gss_accept_* calls to use some specific credential store/keytab if we wanted, 
but for SASL purposes I remember it was basically impossible to do without just 
setting this env var. So, here we're just relying on the same. I'll add a 
comment.


http://gerrit.cloudera.org:8080/#/c/13341/3/src/kudu/util/curl_util.h
File src/kudu/util/curl_util.h:

http://gerrit.cloudera.org:8080/#/c/13341/3/src/kudu/util/curl_util.h@95
PS3, Line 95: spnego_
> nit: 'use_spnego_' might be a better name from readability perspective
Done



--
To view, visit http://gerrit.cloudera.org:8080/13341
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I9449ac610aa7d11bbf320d9178a6d73684ff15f7
Gerrit-Change-Number: 13341
Gerrit-PatchSet: 3
Gerrit-Owner: Todd Lipcon <t...@apache.org>
Gerrit-Reviewer: Adar Dembo <a...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <aser...@cloudera.com>
Gerrit-Reviewer: Hao Hao <hao....@cloudera.com>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Reviewer: Lars Volker <l...@cloudera.com>
Gerrit-Reviewer: Thomas Marshall <tmarsh...@cloudera.com>
Gerrit-Reviewer: Tidy Bot (241)
Gerrit-Reviewer: Todd Lipcon <t...@apache.org>
Gerrit-Comment-Date: Fri, 07 Jun 2019 05:17:46 +0000
Gerrit-HasComments: Yes

Reply via email to