[ https://issues.apache.org/jira/browse/IMPALA-9430?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Work on IMPALA-9430 started by Tim Armstrong.
---------------------------------------------
> Kerberos configs should be passed through to Kerberos libraries even if
> principal is not set
> --------------------------------------------------------------------------------------------
>
> Key: IMPALA-9430
> URL: https://issues.apache.org/jira/browse/IMPALA-9430
> Project: IMPALA
> Issue Type: Improvement
> Components: Backend
> Reporter: Tim Armstrong
> Assignee: Tim Armstrong
> Priority: Major
>
> InitKerberosEnv() configures native and JDK Kerberos implementations based on
> command-line flags:
> https://github.com/apache/impala/blob/d1b42c836c3458a2ef3662c0b0b1fd8fbf8f2baf/be/src/rpc/authentication.cc#L866
> It only does this when --principal is set.
> It's possible that Impala can be set up to use Kerberos to communicate with
> some external services, e.g. HMS or Hive, even if --principal is not set,
> since those clients read in config XML files that are independent of the
> Impala flags. This isn't a recommended configuration and requires a fair bit
> of expertise to get right, but I think it's very surprising that the configs
> *don't* get passed through in that case. The documentation doesn't mention
> this behaviour.
> The suggested change here is to apply the config changes independent of the
> value of --principal. It should be a no-op if Kerberos is not configured for
> any services.