Hello Lars Volker, Alexey Serbin, I'd like you to do a code review. Please visit
http://gerrit.cloudera.org:8080/13341 to review the following change. Change subject: WIP: support SPNEGO for web server ...................................................................... WIP: support SPNEGO for web server SPNEGO is a protocol for securing HTTP requests with Kerberos by passing negotiation through HTTP headers. It's supported by most major browsers and also by most of the Java-based Hadoop components. Notably, it's also the typical way in which Apache Knox authenticates itself to Hadoop components in the "trusted proxy" mode, allowing them to be secured behind Knox's SSO and other policies. This patch implements the SPNEGO protocol by driving GSSAPI. A simple unit test implements a simplified "just open a socket" HTTP server and authenticates to it using curl. There is also the beginnings of an integration into the webserver itself, but the patch is marked as WIP because that integration needs quite some work. Some very basic testing against a kerberized mini-cluster seems to indicate it works, though. Change-Id: I9449ac610aa7d11bbf320d9178a6d73684ff15f7 --- M src/kudu/rpc/client_negotiation.cc M src/kudu/security/CMakeLists.txt A src/kudu/security/gssapi.cc A src/kudu/security/gssapi.h A src/kudu/security/spnego-test.cc M src/kudu/security/test/mini_kdc.cc M src/kudu/security/test/mini_kdc.h M src/kudu/server/webserver.cc M src/kudu/util/curl_util.cc M src/kudu/util/curl_util.h M thirdparty/build-definitions.sh 11 files changed, 485 insertions(+), 33 deletions(-) git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/41/13341/1 -- To view, visit http://gerrit.cloudera.org:8080/13341 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: newchange Gerrit-Change-Id: I9449ac610aa7d11bbf320d9178a6d73684ff15f7 Gerrit-Change-Number: 13341 Gerrit-PatchSet: 1 Gerrit-Owner: Todd Lipcon <t...@apache.org> Gerrit-Reviewer: Alexey Serbin <aser...@cloudera.com> Gerrit-Reviewer: Lars Volker <l...@cloudera.com>