Todd Lipcon has submitted this change and it was merged. Change subject: rpc: support GSSAPI authentication ......................................................................
rpc: support GSSAPI authentication This patch consists of a bunch of changes necessary to support GSSAPI (Kerberos) authentication during RPC negotiation: - rename the authenticated user field from 'plain_auth_user' to 'authenticated_user' and set it from the SASL_USERNAME property. - make the calls to enable various SASL mechanisms before initializing the SASL client: it seems that the client grabs the mechanism option during sasl_client_init, rather than on the first step, so it wasn't picking up the GSSAPI mechanism without reordering this. This caused a bunch of associated reorderings in the tests. - add code to actually enable the GSSAPI mechanism. There are a few related test changes as well: - MiniKDC can now create keytabs for service principals. - MiniKDC has the ability to set the krb5-related environment variables. I spent quite some time trying to figure out how to programmatically pass these things in on a per-connection basis and came up empty-handed except for amusing comments like 'FIXME: This code is broken' where the SASL GSSAPI implementation has a half-baked implementation of programmatic keytab-setting. - The top-level test_main (which runs all tests) as well as the KuduTest::Setup() method now explicit override a few krb5-related environment variables so that whatever settings the user might have (either in env variables or in /etc/krb5.conf) will not be picked up by tests. Change-Id: I3c1b93045acd428ef3437597059c5106b03e25d0 Reviewed-on: http://gerrit.cloudera.org:8080/4763 Tested-by: Kudu Jenkins Reviewed-by: Todd Lipcon <t...@apache.org> --- M src/kudu/rpc/CMakeLists.txt M src/kudu/rpc/connection.cc M src/kudu/rpc/constants.cc M src/kudu/rpc/negotiation.cc M src/kudu/rpc/sasl_client.cc M src/kudu/rpc/sasl_client.h M src/kudu/rpc/sasl_common.cc M src/kudu/rpc/sasl_common.h M src/kudu/rpc/sasl_helper.cc M src/kudu/rpc/sasl_helper.h M src/kudu/rpc/sasl_rpc-test.cc M src/kudu/rpc/sasl_server.cc M src/kudu/rpc/sasl_server.h M src/kudu/security/mini_kdc-test.cc M src/kudu/security/mini_kdc.cc M src/kudu/security/mini_kdc.h M src/kudu/util/test_main.cc M src/kudu/util/test_util.cc M src/kudu/util/test_util.h 19 files changed, 341 insertions(+), 48 deletions(-) Approvals: Todd Lipcon: Looks good to me, approved Kudu Jenkins: Verified -- To view, visit http://gerrit.cloudera.org:8080/4763 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: merged Gerrit-Change-Id: I3c1b93045acd428ef3437597059c5106b03e25d0 Gerrit-PatchSet: 7 Gerrit-Project: kudu Gerrit-Branch: master Gerrit-Owner: Todd Lipcon <t...@apache.org> Gerrit-Reviewer: Adar Dembo <a...@cloudera.com> Gerrit-Reviewer: Alexey Serbin <aser...@cloudera.com> Gerrit-Reviewer: Dan Burkert <danburk...@apache.org> Gerrit-Reviewer: Kudu Jenkins Gerrit-Reviewer: Tidy Bot Gerrit-Reviewer: Todd Lipcon <t...@apache.org>
