> On Oct. 15, 2018, 10:38 p.m., Na Li wrote: > > sentry-service/sentry-service-server/src/test/java/org/apache/sentry/service/thrift/TestGSSCallback.java > > Lines 52 (patched) > > <https://reviews.apache.org/r/69030/diff/3/?file=2098163#file2098163line52> > > > > You never set HADOOP_SECURITY_AUTH_TO_LOCAL in conf. What is different > > from following code > > > > KerberosName.setRules(defaultRule); > > > > instead of > > String defaultRule = "DEFAULT"; > > String ruleString = conf.get(HADOOP_SECURITY_AUTH_TO_LOCAL, > > defaultRule); > > KerberosName.setRules(ruleString);
Lina, I simplified the config setting for the sake of testing. In reality the HADOOP_SECURITY_AUTH_TO_LOCAL mappign will be done in the UserGroupInformation#initialize() method which is invoked when sentry service is started. Here I am invoking the configuration by calling KerberosName.setRules(ruleString); - Arjun ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/69030/#review209572 ----------------------------------------------------------- On Oct. 15, 2018, 9:56 p.m., Arjun Mishra wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/69030/ > ----------------------------------------------------------- > > (Updated Oct. 15, 2018, 9:56 p.m.) > > > Review request for sentry, kalyan kumar kalvagadda, Na Li, and Sergio Pena. > > > Bugs: SENTRY-2427 > https://issues.apache.org/jira/browse/SENTRY-2427 > > > Repository: sentry > > > Description > ------- > > Sentry doesn't use auth to local group mapping hadoop configuration. We may > have a use case for cross realm users to have access to sentry service and in > which case Sentry needs to have access to those configurations. Switching to > using KerberosName will handle that case and other cases as well > > > Diffs > ----- > > > sentry-service/sentry-service-server/src/main/java/org/apache/sentry/service/thrift/GSSCallback.java > d2d85d3a2 > > sentry-service/sentry-service-server/src/test/java/org/apache/sentry/service/thrift/TestGSSCallback.java > PRE-CREATION > > > Diff: https://reviews.apache.org/r/69030/diff/3/ > > > Testing > ------- > > > Thanks, > > Arjun Mishra > >
