Todd Lipcon has posted comments on this change. ( http://gerrit.cloudera.org:8080/13341 )
Change subject: Support SPNEGO for web server ...................................................................... Patch Set 3: (3 comments) http://gerrit.cloudera.org:8080/#/c/13341/3/src/kudu/server/webserver.cc File src/kudu/server/webserver.cc: http://gerrit.cloudera.org:8080/#/c/13341/3/src/kudu/server/webserver.cc@144 PS3, Line 144: wlil > nit: will Done http://gerrit.cloudera.org:8080/#/c/13341/4/src/kudu/server/webserver.cc File src/kudu/server/webserver.cc: http://gerrit.cloudera.org:8080/#/c/13341/4/src/kudu/server/webserver.cc@287 PS4, Line 287: if (opts_.require_spnego) { > IIRC, there is some sequence of searching for the server-side keytab. Coul I believe at this point the --keytab_file is already propagated into $KRB5_KTNAME by security::InitKerberosForServer. I think we could customize the gss_accept_* calls to use some specific credential store/keytab if we wanted, but for SASL purposes I remember it was basically impossible to do without just setting this env var. So, here we're just relying on the same. I'll add a comment. http://gerrit.cloudera.org:8080/#/c/13341/3/src/kudu/util/curl_util.h File src/kudu/util/curl_util.h: http://gerrit.cloudera.org:8080/#/c/13341/3/src/kudu/util/curl_util.h@95 PS3, Line 95: spnego_ > nit: 'use_spnego_' might be a better name from readability perspective Done -- To view, visit http://gerrit.cloudera.org:8080/13341 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I9449ac610aa7d11bbf320d9178a6d73684ff15f7 Gerrit-Change-Number: 13341 Gerrit-PatchSet: 3 Gerrit-Owner: Todd Lipcon <t...@apache.org> Gerrit-Reviewer: Adar Dembo <a...@cloudera.com> Gerrit-Reviewer: Alexey Serbin <aser...@cloudera.com> Gerrit-Reviewer: Hao Hao <hao....@cloudera.com> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Reviewer: Lars Volker <l...@cloudera.com> Gerrit-Reviewer: Thomas Marshall <tmarsh...@cloudera.com> Gerrit-Reviewer: Tidy Bot (241) Gerrit-Reviewer: Todd Lipcon <t...@apache.org> Gerrit-Comment-Date: Fri, 07 Jun 2019 05:17:46 +0000 Gerrit-HasComments: Yes