> On 十月 21, 2014, 8:29 a.m., Prasad Mujumdar wrote: > > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/HAContext.java, > > line 122 > > <https://reviews.apache.org/r/25983/diff/1/?file=704075#file704075line122> > > > > It might be better to fail if the server principal is not configured
Good suggestion, I will make it. > On 十月 21, 2014, 8:29 a.m., Prasad Mujumdar wrote: > > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/JaasConfiguration.java, > > line 1 > > <https://reviews.apache.org/r/25983/diff/1/?file=704076#file704076line1> > > > > I am wondering if we could reuse the hadoop auth libraries instead of > > adding the code here .. I'm afraid not, the class is used instead of writing a jaas.conf > On 十月 21, 2014, 8:29 a.m., Prasad Mujumdar wrote: > > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/HAContext.java, > > line 121 > > <https://reviews.apache.org/r/25983/diff/1/?file=704075#file704075line121> > > > > The principal spliting routines are already there in Hadoop code base, > > would it be possible to reuse those instead of duplicating that code ? Hi Prasad, it seem that if we want to use the spliting routines in Hadoop, we must use **KerberosName**, I change to use **principal.split("[/@]")[0]** , I think it is better. - Sun ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/25983/#review57492 ----------------------------------------------------------- On 十月 27, 2014, 2:35 p.m., Sun Dapeng wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/25983/ > ----------------------------------------------------------- > > (Updated 十月 27, 2014, 2:35 p.m.) > > > Review request for sentry, Arun Suresh, Lenni Kuff, Prasad Mujumdar, and > Sravya Tirukkovalur. > > > Bugs: SENTRY-459 > https://issues.apache.org/jira/browse/SENTRY-459 > > > Repository: sentry > > > Description > ------- > > Support Kerberos for SENTRY high availability. In security mode, Zookeeper > will use Kerberos for authentication, SENTRY should use the **principal** and > **keytab** in sentry configuration for authentication > > > Diffs > ----- > > > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/HAContext.java > PRE-CREATION > > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/JaasConfiguration.java > PRE-CREATION > > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/ServiceConstants.java > 52eaeed > > sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServerForHaWithoutKerberos.java > PRE-CREATION > > sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceForHAWithKerberos.java > PRE-CREATION > > sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/service/thrift/SentryServiceIntegrationBase.java > cc12099 > > Diff: https://reviews.apache.org/r/25983/diff/ > > > Testing > ------- > > All Unit tests passed in local > > > Thanks, > > Sun Dapeng > >
