[kudu-CR] WIP: support SPNEGO for web server

Wed, 15 May 2019 01:24:19 -0700 

Hello Lars Volker, Alexey Serbin,

I'd like you to do a code review. Please visit

    http://gerrit.cloudera.org:8080/13341

to review the following change.


Change subject: WIP: support SPNEGO for web server
......................................................................

WIP: support SPNEGO for web server

SPNEGO is a protocol for securing HTTP requests with Kerberos by passing
negotiation through HTTP headers. It's supported by most major browsers
and also by most of the Java-based Hadoop components. Notably, it's also
the typical way in which Apache Knox authenticates itself to Hadoop
components in the "trusted proxy" mode, allowing them to be secured
behind Knox's SSO and other policies.

This patch implements the SPNEGO protocol by driving GSSAPI. A simple
unit test implements a simplified "just open a socket" HTTP server and
authenticates to it using curl. There is also the beginnings of an
integration into the webserver itself, but the patch is marked as WIP
because that integration needs quite some work. Some very basic testing
against a kerberized mini-cluster seems to indicate it works, though.

Change-Id: I9449ac610aa7d11bbf320d9178a6d73684ff15f7
---
M src/kudu/rpc/client_negotiation.cc
M src/kudu/security/CMakeLists.txt
A src/kudu/security/gssapi.cc
A src/kudu/security/gssapi.h
A src/kudu/security/spnego-test.cc
M src/kudu/security/test/mini_kdc.cc
M src/kudu/security/test/mini_kdc.h
M src/kudu/server/webserver.cc
M src/kudu/util/curl_util.cc
M src/kudu/util/curl_util.h
M thirdparty/build-definitions.sh
11 files changed, 485 insertions(+), 33 deletions(-)



  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/41/13341/1
--
To view, visit http://gerrit.cloudera.org:8080/13341
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: I9449ac610aa7d11bbf320d9178a6d73684ff15f7
Gerrit-Change-Number: 13341
Gerrit-PatchSet: 1
Gerrit-Owner: Todd Lipcon <t...@apache.org>
Gerrit-Reviewer: Alexey Serbin <aser...@cloudera.com>
Gerrit-Reviewer: Lars Volker <l...@cloudera.com>

Reply via email to