Halim Kim has posted comments on this change. ( http://gerrit.cloudera.org:8080/20278 )
Change subject: KUDU-3496 support spnego dedicated keytab ...................................................................... Patch Set 3: (2 comments) http://gerrit.cloudera.org:8080/#/c/20278/3/src/kudu/security/gssapi.cc File src/kudu/security/gssapi.cc: http://gerrit.cloudera.org:8080/#/c/20278/3/src/kudu/security/gssapi.cc@137 PS3, Line 137: if (!FLAGS_spnego_keytab_file.empty()) { > Is this code executed in every step SpnegoStep call? Is it intended? As far as I know, The keytab_file flag value will be stored in the KRB5_KTNAME env variable. GSS Acceptor uses this KRB5_KTNAME as default. I tend to use another keytab file name that user specifed in spnege_keytab_file flag instead of KRB5_KTNAME. So I put gss_register_acceptor_indentity function to change keytab file name. Actually I don't have much information about gss api. If you have better idea or something still curios, Please Let me know. Thank you. http://gerrit.cloudera.org:8080/#/c/20278/3/src/kudu/security/init.cc File src/kudu/security/init.cc: http://gerrit.cloudera.org:8080/#/c/20278/3/src/kudu/security/init.cc@88 PS3, Line 88: DEFINE_string(spnego_keytab_file, "", : "Absolute path to Kerberos keytab file " : "for HTTP spnego. If it is empty, --keytab_file flag will be used."); : TAG_FLAG(spnego_keytab_file, advanced); > Please add some explanation in the commit description why do we need a new Ok I will add explanation like I did in impala commit. -- To view, visit http://gerrit.cloudera.org:8080/20278 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I01646207954854d67308f99e6b71ba32c019ed6a Gerrit-Change-Number: 20278 Gerrit-PatchSet: 3 Gerrit-Owner: Halim Kim <rlagk...@gmail.com> Gerrit-Reviewer: Halim Kim <rlagk...@gmail.com> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Reviewer: Marton Greber <greber...@gmail.com> Gerrit-Reviewer: Zoltan Martonka <zmarto...@cloudera.com> Gerrit-Comment-Date: Sat, 14 Oct 2023 15:05:47 +0000 Gerrit-HasComments: Yes