[kudu-CR] KUDU-2198. Allow disregarding system-wide auth-to-local mapping

2017-10-24 Thread Todd Lipcon (Code Review)
Todd Lipcon has submitted this change and it was merged. ( http://gerrit.cloudera.org:8080/8373 )

Change subject: KUDU-2198. Allow disregarding system-wide auth-to-local mapping
..

KUDU-2198. Allow disregarding system-wide auth-to-local mapping

This adds a workaround for an issue reported on the user mailing list.
Some systems are configured such that the auth_to_local mapping provided
by the krb5 library doesn't work properly for service accounts.

This patch adds a new configuration which allows Kudu to disregard the
system auth_to_local rules and instead just map kerberos principals to
their first component, which is typically the username.

Change-Id: I2e893493f52965ea54d2ceaac83d375285b49486
Reviewed-on: http://gerrit.cloudera.org:8080/8373
Reviewed-by: Alexey Serbin 
Reviewed-by: Dan Burkert 
Tested-by: Kudu Jenkins
---
M src/kudu/security/init.cc
1 file changed, 24 insertions(+), 11 deletions(-)

Approvals:
  Alexey Serbin: Looks good to me, approved
  Dan Burkert: Looks good to me, approved
  Kudu Jenkins: Verified

--
To view, visit http://gerrit.cloudera.org:8080/8373
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: merged
Gerrit-Change-Id: I2e893493f52965ea54d2ceaac83d375285b49486
Gerrit-Change-Number: 8373
Gerrit-PatchSet: 3
Gerrit-Owner: Todd Lipcon 
Gerrit-Reviewer: Alexey Serbin 
Gerrit-Reviewer: Dan Burkert 
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Todd Lipcon 
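
The first-component mapping described in the commit message above, as an added example (not code from the Kudu change or from src/kudu/security/init.cc). It shows that the realm and any instance component are discarded, so distinct principals collapse to one local name. The names `Principal`, `ParsePrincipal`, `MapFirstComponent` and `MapFirstComponentInRealm` are hypothetical, and the realm-checking variant goes beyond what the commit message describes.

```cpp
#include <iostream>
#include <string>
struct Principal { std::string first, realm; };

// Parses the text form "first[/instance...][@REALM]". Simplification: a
// backslash makes the next character literal; other escapes are not decoded.
bool ParsePrincipal(const std::string& p, Principal* out) {
  Principal r;
  bool in_first = true, in_realm = false;
  for (std::size_t i = 0; i < p.size(); ++i) {
    char c = p[i];
    const bool escaped = (c == '\\');
    if (escaped) {
      if (++i == p.size()) return false;  // dangling backslash
      c = p[i];
    }
    if (!escaped && c == '@') {
      if (in_realm) return false;         // second unescaped '@'
      in_first = false; in_realm = true;
    } else if (!escaped && c == '/' && !in_realm) {
      in_first = false;                   // instance components are skipped
    } else if (in_first) {
      r.first.push_back(c);
    } else if (in_realm) {
      r.realm.push_back(c);
    }
  }
  if (r.first.empty()) return false;
  *out = r;
  return true;
}

// First-component mapping: instance and realm are discarded. "" = rejected.
std::string MapFirstComponent(const std::string& p) {
  Principal r;
  return ParsePrincipal(p, &r) ? r.first : std::string();
}

// Hypothetical stricter variant: the realm must also match `realm`.
std::string MapFirstComponentInRealm(const std::string& p, const std::string& realm) {
  Principal r;
  return (ParsePrincipal(p, &r) && r.realm == realm) ? r.first : std::string();
}

int main() {  // the principals below are constructed samples
  for (const char* p : {"alice@EXAMPLE.COM", "alice/admin@EXAMPLE.COM",
                        "alice@OTHER.EXAMPLE", "kudu/host1.example.com@EXAMPLE.COM"})
    std::cout << p << " -> " << MapFirstComponent(p) << "\n";
}
```

The first three sample principals all map to `alice`, which is the property to weigh when authorization decisions key on the mapped name in a deployment that trusts more than one realm or uses `/admin` instances.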


[kudu-CR] KUDU-2198. Allow disregarding system-wide auth-to-local mapping

2017-10-24 Thread Dan Burkert (Code Review)
Dan Burkert has posted comments on this change. ( http://gerrit.cloudera.org:8080/8373 )

Change subject: KUDU-2198. Allow disregarding system-wide auth-to-local mapping
..


Patch Set 2: Code-Review+2



Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I2e893493f52965ea54d2ceaac83d375285b49486
Gerrit-Change-Number: 8373
Gerrit-PatchSet: 2
Gerrit-Owner: Todd Lipcon 
Gerrit-Reviewer: Alexey Serbin 
Gerrit-Reviewer: Dan Burkert 
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Todd Lipcon 
Gerrit-Comment-Date: Tue, 24 Oct 2017 20:21:19 +
Gerrit-HasComments: No


[kudu-CR] KUDU-2198. Allow disregarding system-wide auth-to-local mapping

2017-10-24 Thread Alexey Serbin (Code Review)
Alexey Serbin has posted comments on this change. ( http://gerrit.cloudera.org:8080/8373 )

Change subject: KUDU-2198. Allow disregarding system-wide auth-to-local mapping
..


Patch Set 2: Code-Review+2



Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I2e893493f52965ea54d2ceaac83d375285b49486
Gerrit-Change-Number: 8373
Gerrit-PatchSet: 2
Gerrit-Owner: Todd Lipcon 
Gerrit-Reviewer: Alexey Serbin 
Gerrit-Reviewer: Dan Burkert 
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Todd Lipcon 
Gerrit-Comment-Date: Tue, 24 Oct 2017 20:18:10 +
Gerrit-HasComments: No


[kudu-CR] KUDU-2198. Allow disregarding system-wide auth-to-local mapping

2017-10-24 Thread Todd Lipcon (Code Review)
Hello Alexey Serbin, Dan Burkert, Kudu Jenkins,

I'd like you to reexamine a change. Please visit

http://gerrit.cloudera.org:8080/8373

to look at the new patch set (#2).

Change subject: KUDU-2198. Allow disregarding system-wide auth-to-local mapping
..

KUDU-2198. Allow disregarding system-wide auth-to-local mapping

This adds a workaround for an issue reported on the user mailing list.
Some systems are configured such that the auth_to_local mapping provided
by the krb5 library doesn't work properly for service accounts.

This patch adds a new configuration which allows Kudu to disregard the
system auth_to_local rules and instead just map kerberos principals to
their first component, which is typically the username.

Change-Id: I2e893493f52965ea54d2ceaac83d375285b49486
---
M src/kudu/security/init.cc
1 file changed, 24 insertions(+), 11 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/73/8373/2

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I2e893493f52965ea54d2ceaac83d375285b49486
Gerrit-Change-Number: 8373
Gerrit-PatchSet: 2
Gerrit-Owner: Todd Lipcon 
Gerrit-Reviewer: Alexey Serbin 
Gerrit-Reviewer: Dan Burkert 
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Todd Lipcon 


[kudu-CR] KUDU-2198. Allow disregarding system-wide auth-to-local mapping

2017-10-24 Thread Todd Lipcon (Code Review)
Todd Lipcon has posted comments on this change. ( http://gerrit.cloudera.org:8080/8373 )

Change subject: KUDU-2198. Allow disregarding system-wide auth-to-local mapping
..


Patch Set 1:

(2 comments)

http://gerrit.cloudera.org:8080/#/c/8373/1/src/kudu/security/init.cc
File src/kudu/security/init.cc:

http://gerrit.cloudera.org:8080/#/c/8373/1/src/kudu/security/init.cc@75
PS1, Line 75: #define DEFAULT_SYSTEM_AUTH_TO_LOCAL true
> consider using a constant here, e.g. https://github.com/apache/kudu/blob/ma
Done


http://gerrit.cloudera.org:8080/#/c/8373/1/src/kudu/security/init.cc@84
PS1, Line 84: componnt
> component
Done




Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I2e893493f52965ea54d2ceaac83d375285b49486
Gerrit-Change-Number: 8373
Gerrit-PatchSet: 1
Gerrit-Owner: Todd Lipcon 
Gerrit-Reviewer: Alexey Serbin 
Gerrit-Reviewer: Dan Burkert 
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Todd Lipcon 
Gerrit-Comment-Date: Tue, 24 Oct 2017 20:06:11 +
Gerrit-HasComments: Yes


[kudu-CR] KUDU-2198. Allow disregarding system-wide auth-to-local mapping

2017-10-24 Thread Dan Burkert (Code Review)
Dan Burkert has posted comments on this change. ( http://gerrit.cloudera.org:8080/8373 )

Change subject: KUDU-2198. Allow disregarding system-wide auth-to-local mapping
..


Patch Set 1:

(2 comments)

http://gerrit.cloudera.org:8080/#/c/8373/1/src/kudu/security/init.cc
File src/kudu/security/init.cc:

http://gerrit.cloudera.org:8080/#/c/8373/1/src/kudu/security/init.cc@75
PS1, Line 75: #define DEFAULT_SYSTEM_AUTH_TO_LOCAL true
consider using a constant here, e.g. https://github.com/apache/kudu/blob/master/src/kudu/mini-cluster/mini_cluster.h#L93-L97. I don't feel too strongly if you want to keep it as-is, though.


http://gerrit.cloudera.org:8080/#/c/8373/1/src/kudu/security/init.cc@84
PS1, Line 84: componnt
component




Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I2e893493f52965ea54d2ceaac83d375285b49486
Gerrit-Change-Number: 8373
Gerrit-PatchSet: 1
Gerrit-Owner: Todd Lipcon 
Gerrit-Reviewer: Alexey Serbin 
Gerrit-Reviewer: Dan Burkert 
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Comment-Date: Tue, 24 Oct 2017 19:54:23 +
Gerrit-HasComments: Yes


[kudu-CR] KUDU-2198. Allow disregarding system-wide auth-to-local mapping

2017-10-24 Thread Todd Lipcon (Code Review)
Hello Alexey Serbin, Dan Burkert,

I'd like you to do a code review. Please visit

http://gerrit.cloudera.org:8080/8373

to review the following change.


Change subject: KUDU-2198. Allow disregarding system-wide auth-to-local mapping
..

KUDU-2198. Allow disregarding system-wide auth-to-local mapping

This adds a workaround for an issue reported on the user mailing list.
Some systems are configured such that the auth_to_local mapping provided
by the krb5 library doesn't work properly for service accounts.

This patch adds a new configuration which allows Kudu to disregard the
system auth_to_local rules and instead just map kerberos principals to
their first component, which is typically the username.

Change-Id: I2e893493f52965ea54d2ceaac83d375285b49486
---
M src/kudu/security/init.cc
1 file changed, 24 insertions(+), 11 deletions(-)



  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/73/8373/1

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: I2e893493f52965ea54d2ceaac83d375285b49486
Gerrit-Change-Number: 8373
Gerrit-PatchSet: 1
Gerrit-Owner: Todd Lipcon 
Gerrit-Reviewer: Alexey Serbin 
Gerrit-Reviewer: Dan Burkert