WHBANG opened a new pull request, #1569: URL: https://github.com/apache/incubator-pegasus/pull/1569
### What problem does this PR solve?

https://github.com/apache/incubator-pegasus/issues/1568

### What is changed and how does it work?

pegasus-shell config has added a new config item:

```
[security]
is_kinit_performed = true
```

When kerberos authentication is enabled:

- the default value is false, which means that pegasus completes the kinit action by itself.
- When the value is true, the user needs to complete the kinit action by himself, and pegasus will obtain the principal of the current unix account for authentication.

Example when the `is_kinit_performed` value is true:

1. config.ini: No keytab file is provided and no principal is specified in the configuration file

   ```
   [security]
   enable_auth = true
   is_kinit_performed = true
   krb5_config = /etc/krb5.conf
   sasl_plugin_path = /root/apache/incubator-pegasus/thirdparty/output/lib/sasl2
   service_fqdn = a656c309c331
   service_name = test1
   ```

2. Execute klist first to verify that kinit has not been executed in the environment

   ```
   [root@a656c309c331 incubator-pegasus]# klist
   klist: Credentials cache keyring 'persistent:0:0' not found
   ```

3. At this time, directly executing the pegasus-shell tool will exit abnormally

   ```
   [root@a656c309c331 incubator-pegasus]# ./run.sh shell
   Pegasus Shell 2.4.0-SNAPSHOT
   Type "help" for more information.
   Type "Ctrl-D" or "Ctrl-C" to exit the shell.

   run the system failed
   dsn exit with code -1
   ```

4. Execute kinit under the current unix account

   ```
   [root@a656c309c331 incubator-pegasus]# kinit -kt /root/apache/pegasus.keytab test2/[email protected]
   [root@a656c309c331 incubator-pegasus]# klist
   Ticket cache: KEYRING:persistent:0:0
   Default principal: test2/[email protected]

   Valid starting       Expires              Service principal
   07/18/2023 08:04:52  07/19/2023 08:04:52  krbtgt/[email protected]
   ```

5. Execute pegasus-shell again, we can enter successfully, and the log shows that the authentication is successful

   ```
   [root@a656c309c331 incubator-pegasus]# ./run.sh shell
   Pegasus Shell 2.4.0-SNAPSHOT
   Type "help" for more information.
   Type "Ctrl-D" or "Ctrl-C" to exit the shell.

   The config file is: /root/apache/incubator-pegasus/config-shell.ini.186049
   The cluster name is: onebox
   The cluster meta list is: 127.0.0.1:34601,127.0.0.1:34602,127.0.0.1:34603
   >>> ls
   [general_info]
   app_id  status     app_name  app_type  partition_count  replica_count  is_stateful  create_time          drop_time  drop_expire  envs_count
   1       AVAILABLE  temp      pegasus   8                3              true         2023-07-18_07:22:44  -          -            0

   [summary]
   total_app_count : 1

   >>> get_meta_level
   current meta level is fl_steady
   >>>
   ```

   ```
   I2023-07-18 08:07:24.920 (1689667644920761644 186054) unknown.io-thrd.186054: service_api_c.cpp:468:run(): process(186054) start: 1689667644916, date: 2023-07-18 08:07:24.916
   I2023-07-18 08:07:24.921 (1689667644921036912 186054) unknown.io-thrd.186054: init.cpp:67:init(): initialize kerberos succeed
   I2023-07-18 08:07:24.921 (1689667644921528195 186054) unknown.io-thrd.186054: init.cpp:74:init(): initialize sasl succeed
   ```
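An added example, not part of the pull request or the Pegasus code base: a pre-flight check an operator could run before `./run.sh shell`, so that a missing ticket is reported explicitly instead of as `dsn exit with code -1`. The function names `ini_get`, `kerberos_preflight` and `sample_config` are hypothetical, the sample config is constructed from the `[security]` keys shown in step 1, and `klist -s` is assumed to be the MIT Kerberos client.

```shell
# Print the value of KEY ($3) inside [SECTION] ($2) of INI file $1 (empty if absent).
ini_get() {
    awk -v section="$2" -v key="$3" '
        /^[ \t]*[#;]/ { next }                        # skip comment lines
        /^[ \t]*\[/ {                                 # section header
            gsub(/^[ \t]*\[|\][ \t]*$/, "")
            in_section = ($0 == section); next
        }
        in_section {
            eq = index($0, "="); if (!eq) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v                     # last assignment wins
        }
        END { print val }
    ' "$1"
}

# Return 0 when the shell can be started with config $1, 1 when it would fail
# because is_kinit_performed = true but the credential cache has no valid ticket.
kerberos_preflight() {
    # Authentication disabled: nothing to check.
    [ "$(ini_get "$1" security enable_auth)" = "true" ] || return 0
    # Default (false): Pegasus performs kinit itself from its own settings.
    [ "$(ini_get "$1" security is_kinit_performed)" = "true" ] || return 0
    # klist -s prints nothing and exits non-zero if the cache is missing or expired.
    if ! klist -s; then
        echo "is_kinit_performed = true but no valid Kerberos ticket; run kinit first" >&2
        return 1
    fi
    return 0
}

# Constructed sample input, reusing keys from the config.ini in step 1.
sample_config() {
    cat <<'EOF'
[security]
enable_auth = true
is_kinit_performed = true
krb5_config = /etc/krb5.conf
service_name = test1
EOF
}
```

Run it as `kerberos_preflight config.ini && ./run.sh shell`; the check uses the ticket cache of the invoking unix account, which is the same cache the shell will authenticate from.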
