Tim Armstrong created IMPALA-9430:
-------------------------------------
Summary: Kerberos configs should be passed through to Kerberos
libraries even if principal is not set
Key: IMPALA-9430
URL: https://issues.apache.org/jira/browse/IMPALA-9430
Project: IMPALA
Issue Type: Improvement
Components: Backend
Reporter: Tim Armstrong
Assignee: Tim Armstrong
InitKerberosEnv() configures native and JDK kerberos implementations based on
command-line flags:
https://github.com/apache/impala/blob/d1b42c836c3458a2ef3662c0b0b1fd8fbf8f2baf/be/src/rpc/authentication.cc#L866
. It only does this when --principal is set.
It's possible that Impala can be set up to use kerberos to communicate with
some external services, e.g. HMS or Hive, even if --principal is not set, since
those clients read in config XML files that are independent of the Impala
flags. This isn't a recommended configuration and requires a fair bit of
expertise to get right, but I think it's very surprising that the configs
*don't* get passed through in the case. The documentation doesn't mention this
behaviour.
The suggested change here is to apply the config changes independent of the
value of --principal. It should be a noop if kerberos is not configured for any
services.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
