[
https://issues.apache.org/jira/browse/SENTRY-1037?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15124471#comment-15124471
]
Sravya Tirukkovalur commented on SENTRY-1037:
---------------------------------------------
[~gchanan] Changed the description of the jira based on the discussion on RB
and changes that you made in the final patch. Does it look good?
Just to summarize:
In this patch, we are setting "hadoop.security.authentication" to "kerberos" in
the SentryGenericServiceClientDefaultImpl, mainly to avoid requiring
integrating services to workaround the issue of hadoop-auth( it requires this
property to be set when getting the logged in user using UGI)
> Set "hadoop.security.authentication" to "kerberos" in the Generic Client
> ------------------------------------------------------------------------
>
> Key: SENTRY-1037
> URL: https://issues.apache.org/jira/browse/SENTRY-1037
> Project: Sentry
> Issue Type: Bug
> Components: Service, Solr Plugin
> Affects Versions: 1.7.0
> Reporter: Gregory Chanan
> Assignee: Gregory Chanan
> Fix For: 1.7.0
>
> Attachments: SENTRY-1037.patch, SENTRY-1037.patch
>
>
> Today, the SentryShellSolr follows the same pattern as SentryShellHive, which
> is just getting a "new Configuration()". In order to connect to a service
> requiring kerberos, the Configuration must have
> "hadoop.security.authentication" set to "kerberos" since the generic client
> uses hadoop-auth to do the authentication. But this will often not be set in
> the context of Solr, which may not even have a hadoop-related configuration
> around.
> So, we should handle the configuration in the same way as we do for the
> binding; namely, if the client intends to use kerberos, we set
> "hadoop.security.authentication" to "kerberos"
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
