Henry Robinson has posted comments on this change. Change subject: IMPALA-3095: Add configurable whitelist of authorized internal principals ......................................................................
Patch Set 1: (2 comments) http://gerrit.cloudera.org:8080/#/c/2334/1/be/src/rpc/authentication-test.cc File be/src/rpc/authentication-test.cc: Line 74: string service_name_wrong_realm("service_name/[email protected]"); : EXPECT_EQ(SASL_OK, : SaslAuthorizeInternal(NULL, (void*)&sa, service_name_wrong_realm.c_str(), : service_name_wrong_realm.size(), NULL, 0, NULL, 0, NULL)); > This shouldn't pass in practice (because the cyrus-sasl library shouldn't a Good point - there's no need to have a test for it then, I think. http://gerrit.cloudera.org:8080/#/c/2334/1/be/src/rpc/authentication.cc File be/src/rpc/authentication.cc: Line 94: "hdfs" > I'm guessing people would wonder why we have hdfs as the default here. Shou In an ideal world this would not be the default, but I think for expediency's sake it's ok to have this anticipate the known third-party user that needs to access. I don't expect this to be changed in 99% of installations. -- To view, visit http://gerrit.cloudera.org:8080/2334 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: comment Gerrit-Change-Id: If828e86c99c3c398319953b1d3b33d5e3af200da Gerrit-PatchSet: 1 Gerrit-Project: Impala Gerrit-Branch: cdh5-2.5.0_5.7.0 Gerrit-Owner: Henry Robinson <[email protected]> Gerrit-Reviewer: Henry Robinson <[email protected]> Gerrit-Reviewer: Sailesh Mukil <[email protected]> Gerrit-HasComments: Yes
