Todd Lipcon has posted comments on this change. ( http://gerrit.cloudera.org:8080/13918 )
Change subject: IMPALA-8783: Add Kerberos SPNEGO support to the http hs2 server ...................................................................... Patch Set 1: (2 comments) http://gerrit.cloudera.org:8080/#/c/13918/1/be/src/rpc/authentication.cc File be/src/rpc/authentication.cc: http://gerrit.cloudera.org:8080/#/c/13918/1/be/src/rpc/authentication.cc@565 PS1, Line 565: connection_context->return_headers; nit: std::move() around this http://gerrit.cloudera.org:8080/#/c/13918/1/be/src/transport/THttpServer.cpp File be/src/transport/THttpServer.cpp: http://gerrit.cloudera.org:8080/#/c/13918/1/be/src/transport/THttpServer.cpp@256 PS1, Line 256: h << "WWW-Authenticate: Negotiate" << CRLF; shouldn't we be using a Negotiate header which includes the token returned by gssapi here? I guess this will work for certain configurations where the server's initial challenge is empty, but I think there might be cases where this isn't the case. -- To view, visit http://gerrit.cloudera.org:8080/13918 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I15d9a842ab37ebc34b9fde5917137ff2961d870a Gerrit-Change-Number: 13918 Gerrit-PatchSet: 1 Gerrit-Owner: Thomas Tauber-Marshall <tmarsh...@cloudera.com> Gerrit-Reviewer: Impala Public Jenkins <impala-public-jenk...@cloudera.com> Gerrit-Reviewer: Todd Lipcon <t...@apache.org> Gerrit-Comment-Date: Thu, 25 Jul 2019 17:47:33 +0000 Gerrit-HasComments: Yes