yuqi1129 commented on code in PR #5165:
URL: https://github.com/apache/gravitino/pull/5165#discussion_r1805707783
##########
catalogs/catalog-hadoop/src/main/java/org/apache/gravitino/catalog/hadoop/authentication/kerberos/KerberosConfig.java:
##########
@@ -125,5 +139,13 @@ public int getFetchTimeoutSec() {
false /* immutable */,
60 /* defaultValue */,
false /* hidden */))
+ .put(
+ KRB5_CONF_KEY,
+ PropertyEntry.stringOptionalPropertyEntry(
+ KRB5_CONF_KEY,
+ "The Kerberos krb file for the catalog",
+ false /* immutable */,
+ "/etc/krb5.conf" /* defaultValue */,
Review Comment:
As the default value is `/etc/krb5.conf`, what if the file is not found?
##########
docs/hadoop-catalog.md:
##########
@@ -32,6 +32,7 @@ Besides the [common catalog
properties](./gravitino-server-config.md#gravitino-c
| `default-filesystem-provider` | The name default
filesystem providers of this Hadoop catalog if users do not specify the scheme
in the URI. Default value is `builtin-local`
| `builtin-local` | No
| 0.7.0-incubating |
| `authentication.impersonation-enable` | Whether to enable
impersonation for the Hadoop catalog.
| `false` | No
| 0.5.1 |
| `authentication.type` | The type of
authentication for Hadoop catalog, currently we only support `kerberos`,
`simple`.
| `simple` |
No | 0.5.1 |
+| `java.security.krb5.conf` | Kerberos krb file for
configuration of Kerberos.
| /etc/krb5.conf | No
| 0.7.0-incubating |
Review Comment:
what about `krb5.conf.path`?
##########
docs/hadoop-catalog.md:
##########
@@ -32,6 +32,7 @@ Besides the [common catalog
properties](./gravitino-server-config.md#gravitino-c
| `default-filesystem-provider` | The name default
filesystem providers of this Hadoop catalog if users do not specify the scheme
in the URI. Default value is `builtin-local`
| `builtin-local` | No
| 0.7.0-incubating |
| `authentication.impersonation-enable` | Whether to enable
impersonation for the Hadoop catalog.
| `false` | No
| 0.5.1 |
| `authentication.type` | The type of
authentication for Hadoop catalog, currently we only support `kerberos`,
`simple`.
| `simple` |
No | 0.5.1 |
+| `java.security.krb5.conf` | Kerberos krb file for
configuration of Kerberos.
| /etc/krb5.conf | No
| 0.7.0-incubating |
Review Comment:
Let me think if there is a better name for it, `java.security.krb5.conf` is
so long.
##########
catalogs/catalog-hadoop/src/main/java/org/apache/gravitino/catalog/hadoop/authentication/kerberos/KerberosClient.java:
##########
@@ -63,6 +63,12 @@ public String login(String keytabFilePath) throws
IOException {
Preconditions.checkArgument(
principalComponents.size() == 2, "The principal has the wrong format");
+ // Set Kerberos krb file
+ String krbFilePath = kerberosConfig.getKrb5Conf();
+ Preconditions.checkArgument(
+ StringUtils.isNotBlank(krbFilePath), "The Kerberos krb file can't be
blank");
+ System.setProperty("java.security.krb5.conf", krbFilePath);
Review Comment:
Is this method class loader isolated? I mean what if I set
`java.security.krb5.conf` in `catalogA`, does it take effect in `catalogB`
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
