[Impala-ASF-CR] Allow configuration of values passed into kerberos env vars
Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/8308 ) Change subject: Allow configuration of values passed into kerberos env vars .. Patch Set 1: Verified+1 -- To view, visit http://gerrit.cloudera.org:8080/8308 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Iab4ce72c04ec4056dc89fb4c1c540a6fdaca4404 Gerrit-Change-Number: 8308 Gerrit-PatchSet: 1 Gerrit-Owner: Sailesh Mukil Gerrit-Reviewer: Impala Public Jenkins Gerrit-Reviewer: Michael Ho Gerrit-Reviewer: Sailesh Mukil Gerrit-Reviewer: Todd Lipcon Gerrit-Comment-Date: Wed, 18 Oct 2017 20:26:40 + Gerrit-HasComments: No
[Impala-ASF-CR] Allow configuration of values passed into kerberos env vars
Impala Public Jenkins has submitted this change and it was merged. ( http://gerrit.cloudera.org:8080/8308 ) Change subject: Allow configuration of values passed into kerberos env vars .. Allow configuration of values passed into kerberos env vars We always used hardcoded constants for the following kerberos environment variables: KRB5CCNAME and KRB5RCACHETYPE. This patch allows for the configuration of these variables by taking arguments to InitKerberosForServer(). Callsites within Kudu have not been changed as all the parameters have default values. The motivation for this patch is that, Impala as a user of the KuduRPC and Kudu security libraries, needs to have a file based credential cache since the kinit happens on the C++ side and this cache needs to be read by the Java side too. Hence, we cannot have it in memory. Also, Impala still requires replay protection, since some Impala services use Thrift which lacks the nonce mechanism that KRPC uses for replay protection. Change-Id: Iab4ce72c04ec4056dc89fb4c1c540a6fdaca4404 Reviewed-on: http://gerrit.cloudera.org:8080/8247 Reviewed-by: Todd Lipcon Tested-by: Todd Lipcon Reviewed-on: http://gerrit.cloudera.org:8080/8308 Reviewed-by: Michael Ho Tested-by: Impala Public Jenkins --- M be/src/kudu/security/init.cc M be/src/kudu/security/init.h 2 files changed, 19 insertions(+), 12 deletions(-) Approvals: Michael Ho: Looks good to me, approved Impala Public Jenkins: Verified -- To view, visit http://gerrit.cloudera.org:8080/8308 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: merged Gerrit-Change-Id: Iab4ce72c04ec4056dc89fb4c1c540a6fdaca4404 Gerrit-Change-Number: 8308 Gerrit-PatchSet: 2 Gerrit-Owner: Sailesh Mukil Gerrit-Reviewer: Impala Public Jenkins Gerrit-Reviewer: Michael Ho Gerrit-Reviewer: Sailesh Mukil Gerrit-Reviewer: Todd Lipcon
[Impala-ASF-CR] Allow configuration of values passed into kerberos env vars
Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/8308 ) Change subject: Allow configuration of values passed into kerberos env vars .. Patch Set 1: Build started: https://jenkins.impala.io/job/gerrit-verify-dryrun/1345/ -- To view, visit http://gerrit.cloudera.org:8080/8308 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Iab4ce72c04ec4056dc89fb4c1c540a6fdaca4404 Gerrit-Change-Number: 8308 Gerrit-PatchSet: 1 Gerrit-Owner: Sailesh Mukil Gerrit-Reviewer: Impala Public Jenkins Gerrit-Reviewer: Michael Ho Gerrit-Reviewer: Sailesh Mukil Gerrit-Reviewer: Todd Lipcon Gerrit-Comment-Date: Wed, 18 Oct 2017 16:34:47 + Gerrit-HasComments: No
[Impala-ASF-CR] Allow configuration of values passed into kerberos env vars
Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/8308 ) Change subject: Allow configuration of values passed into kerberos env vars .. Patch Set 1: Verified-1 Build failed: https://jenkins.impala.io/job/gerrit-verify-dryrun/1342/ -- To view, visit http://gerrit.cloudera.org:8080/8308 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Iab4ce72c04ec4056dc89fb4c1c540a6fdaca4404 Gerrit-Change-Number: 8308 Gerrit-PatchSet: 1 Gerrit-Owner: Sailesh Mukil Gerrit-Reviewer: Impala Public Jenkins Gerrit-Reviewer: Michael Ho Gerrit-Reviewer: Sailesh Mukil Gerrit-Reviewer: Todd Lipcon Gerrit-Comment-Date: Wed, 18 Oct 2017 07:46:14 + Gerrit-HasComments: No
[Impala-ASF-CR] Allow configuration of values passed into kerberos env vars
Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/8308 ) Change subject: Allow configuration of values passed into kerberos env vars .. Patch Set 1: Build started: https://jenkins.impala.io/job/gerrit-verify-dryrun/1342/ -- To view, visit http://gerrit.cloudera.org:8080/8308 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Iab4ce72c04ec4056dc89fb4c1c540a6fdaca4404 Gerrit-Change-Number: 8308 Gerrit-PatchSet: 1 Gerrit-Owner: Sailesh Mukil Gerrit-Reviewer: Impala Public Jenkins Gerrit-Reviewer: Michael Ho Gerrit-Reviewer: Sailesh Mukil Gerrit-Reviewer: Todd Lipcon Gerrit-Comment-Date: Wed, 18 Oct 2017 04:05:06 + Gerrit-HasComments: No
[Impala-ASF-CR] Allow configuration of values passed into kerberos env vars
Michael Ho has posted comments on this change. ( http://gerrit.cloudera.org:8080/8308 ) Change subject: Allow configuration of values passed into kerberos env vars .. Patch Set 1: Code-Review+2 -- To view, visit http://gerrit.cloudera.org:8080/8308 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Iab4ce72c04ec4056dc89fb4c1c540a6fdaca4404 Gerrit-Change-Number: 8308 Gerrit-PatchSet: 1 Gerrit-Owner: Sailesh Mukil Gerrit-Reviewer: Michael Ho Gerrit-Reviewer: Sailesh Mukil Gerrit-Reviewer: Todd Lipcon Gerrit-Comment-Date: Wed, 18 Oct 2017 00:34:09 + Gerrit-HasComments: No
[Impala-ASF-CR] Allow configuration of values passed into kerberos env vars
Sailesh Mukil has posted comments on this change. ( http://gerrit.cloudera.org:8080/8308 ) Change subject: Allow configuration of values passed into kerberos env vars .. Patch Set 1: > Uploaded patch set 1. This cherry-pick from Kudu was clean and is required for avoiding code divergence with Kudu on IMPALA-5129 (https://gerrit.cloudera.org/#/c/7938/) -- To view, visit http://gerrit.cloudera.org:8080/8308 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Iab4ce72c04ec4056dc89fb4c1c540a6fdaca4404 Gerrit-Change-Number: 8308 Gerrit-PatchSet: 1 Gerrit-Owner: Sailesh Mukil Gerrit-Reviewer: Michael Ho Gerrit-Reviewer: Sailesh Mukil Gerrit-Reviewer: Todd Lipcon Gerrit-Comment-Date: Wed, 18 Oct 2017 00:01:41 + Gerrit-HasComments: No
[Impala-ASF-CR] Allow configuration of values passed into kerberos env vars
Hello Todd Lipcon, I'd like you to do a code review. Please visit http://gerrit.cloudera.org:8080/8308 to review the following change. Change subject: Allow configuration of values passed into kerberos env vars .. Allow configuration of values passed into kerberos env vars We always used hardcoded constants for the following kerberos environment variables: KRB5CCNAME and KRB5RCACHETYPE. This patch allows for the configuration of these variables by taking arguments to InitKerberosForServer(). Callsites within Kudu have not been changed as all the parameters have default values. The motivation for this patch is that, Impala as a user of the KuduRPC and Kudu security libraries, needs to have a file based credential cache since the kinit happens on the C++ side and this cache needs to be read by the Java side too. Hence, we cannot have it in memory. Also, Impala still requires replay protection, since some Impala services use Thrift which lacks the nonce mechanism that KRPC uses for replay protection. Change-Id: Iab4ce72c04ec4056dc89fb4c1c540a6fdaca4404 Reviewed-on: http://gerrit.cloudera.org:8080/8247 Reviewed-by: Todd Lipcon Tested-by: Todd Lipcon --- M be/src/kudu/security/init.cc M be/src/kudu/security/init.h 2 files changed, 19 insertions(+), 12 deletions(-) git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/08/8308/1 -- To view, visit http://gerrit.cloudera.org:8080/8308 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: newchange Gerrit-Change-Id: Iab4ce72c04ec4056dc89fb4c1c540a6fdaca4404 Gerrit-Change-Number: 8308 Gerrit-PatchSet: 1 Gerrit-Owner: Sailesh Mukil Gerrit-Reviewer: Todd Lipcon