Todd Lipcon has submitted this change and it was merged. Change subject: Enable GSSAPI for servers and ExternalMiniCluster ......................................................................
Enable GSSAPI for servers and ExternalMiniCluster This adds a flag --server_require_kerberos, which makes the server only advertise the GSSAPI mechanism. It also adds the appropriate hook to the client to enable GSSAPI as a supported GSSAPI mechanism. With this I was able to start a kudu master with the new flag enabled, and then use Kerberos to authenticate a client. This also adds some basic support to ExternalMiniCluster to start a kerberized cluster. This involves starting a KDC, creating keytabs for each server, passing the appropriate environment down as environment variables, and setting up a client principal for the test itself. In order for these tests to work, I had to tweak some settings in krb5.conf, and then make corresponding changes to sasl_rpc-test to use IP addresses instead of hostnames. Change-Id: I595469e9cc8b2b2f57e9726014eeeb8112595801 Reviewed-on: http://gerrit.cloudera.org:8080/4765 Tested-by: Kudu Jenkins Reviewed-by: Dan Burkert <danburk...@apache.org> Reviewed-by: Alexey Serbin <aser...@cloudera.com> --- M src/kudu/integration-tests/CMakeLists.txt M src/kudu/integration-tests/external_mini_cluster-test.cc M src/kudu/integration-tests/external_mini_cluster.cc M src/kudu/integration-tests/external_mini_cluster.h M src/kudu/rpc/connection.cc M src/kudu/rpc/sasl_rpc-test.cc M src/kudu/security/mini_kdc-test.cc M src/kudu/security/mini_kdc.cc M src/kudu/security/mini_kdc.h M src/kudu/util/subprocess-test.cc M src/kudu/util/subprocess.cc M src/kudu/util/subprocess.h 12 files changed, 198 insertions(+), 17 deletions(-) Approvals: Dan Burkert: Looks good to me, approved Alexey Serbin: Looks good to me, approved Kudu Jenkins: Verified -- To view, visit http://gerrit.cloudera.org:8080/4765 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: merged Gerrit-Change-Id: I595469e9cc8b2b2f57e9726014eeeb8112595801 Gerrit-PatchSet: 12 Gerrit-Project: kudu Gerrit-Branch: master Gerrit-Owner: Todd Lipcon <t...@apache.org> Gerrit-Reviewer: Alexey Serbin <aser...@cloudera.com> Gerrit-Reviewer: Dan Burkert <danburk...@apache.org> Gerrit-Reviewer: Kudu Jenkins Gerrit-Reviewer: Tidy Bot Gerrit-Reviewer: Todd Lipcon <t...@apache.org> Gerrit-Reviewer: Will Berkeley <wdberke...@gmail.com>
