----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/22443/#review45325 -----------------------------------------------------------
Prasad, I actually tested it on a real deployment and I hit this: 'org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient$UgiTransport' (current frame, stack[1]) is not assignable to 'sentry/org/apache/thrift/transport/TTransport' - Sravya Tirukkovalur On June 10, 2014, 10:17 p.m., Prasad Mujumdar wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/22443/ > ----------------------------------------------------------- > > (Updated June 10, 2014, 10:17 p.m.) > > > Review request for sentry. > > > Bugs: SENTRY-289 > https://issues.apache.org/jira/browse/SENTRY-289 > > > Repository: sentry > > > Description > ------- > > The Sentry client started by HS2 or metastore needs to wrapp the transport > open as privileged action of the current UGI. This allows the SASL > negotiation to access the kerberos ticket for authentication. > > > Diffs > ----- > > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java > 812f310 > > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java > c41f8b9 > > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/KerberosConfiguration.java > 203858e > > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java > 4a2b900 > > sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/SentryServiceIntegrationBase.java > 61bdfed > > Diff: https://reviews.apache.org/r/22443/diff/ > > > Testing > ------- > > Manually tested the secure connection from HS2. > > > Thanks, > > Prasad Mujumdar > >
