[
https://issues.apache.org/jira/browse/HADOOP-12911?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15215827#comment-15215827
]
Steve Loughran commented on HADOOP-12911:
-----------------------------------------
I really like this code; I like how much simpler the POMs and the internals are
getting. We will need people who understand Kerberos to review it though; I
don't count myself as one.
h2. MiniKdc.java
1. This could be a good time to make MiniKDC a subclass of AbstractService,
though it may (will?) break external users. Perhaps we could have a MiniKDC
service, which the existing MiniKDC code instantiated on its existing lifecycle.
2. If not done already, can the miniconf prefer TCP over UDP? It fails faster.
3. Why does /MiniKdc reset "sun.security.krb5.debug"? If set, I'd like it to
stay that way. You could use is current value as the default when reading
the configuration .
4.
{code}
InputStream is = getResourceAsStream("minikdc-krb5.conf");
{code}
Add a {{Preconditions}} check that this isn't null.
5. need a check after {{transport = conf.getProperty(TRANSPORT);}} for a null
value?
6. Teardown. Again, I'd like the JVM properties to be left unaltered. At the
very least: remember their originals. KDiag manipulates these in its own
production code.
in {{TestClientRMTokens.java}} the realm is changed. does that make the comment
on line 122 incorrect?
> Upgrade Hadoop MiniKDC with Kerby
> ---------------------------------
>
> Key: HADOOP-12911
> URL: https://issues.apache.org/jira/browse/HADOOP-12911
> Project: Hadoop Common
> Issue Type: Improvement
> Components: test
> Reporter: Jiajia Li
> Assignee: Jiajia Li
> Attachments: HADOOP-12911-v1.patch, HADOOP-12911-v2.patch,
> HADOOP-12911-v3.patch, HADOOP-12911-v4.patch
>
>
> As discussed in the mailing list, we’d like to introduce Apache Kerby into
> Hadoop. Initially it’s good to start with upgrading Hadoop MiniKDC with Kerby
> offerings. Apache Kerby (https://github.com/apache/directory-kerby), as an
> Apache Directory sub project, is a Java Kerberos binding. It provides a
> SimpleKDC server that borrowed ideas from MiniKDC and implemented all the
> facilities existing in MiniKDC. Currently MiniKDC depends on the old Kerberos
> implementation in Directory Server project, but the implementation is stopped
> being maintained. Directory community has a plan to replace the
> implementation using Kerby. MiniKDC can use Kerby SimpleKDC directly to avoid
> depending on the full of Directory project. Kerby also provides nice identity
> backends such as the lightweight memory based one and the very simple json
> one for easy development and test environments.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
