[jira] [Resolved] (SENTRY-1766) Generic model clients using kerberos can no longer connect to Sentry server

Alexander Kolbasov (JIRA) Wed, 17 May 2017 20:27:07 -0700

     [ 
https://issues.apache.org/jira/browse/SENTRY-1766?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Alexander Kolbasov resolved SENTRY-1766.
----------------------------------------
    Resolution: Duplicate

> Generic model clients using kerberos can no longer connect to Sentry server
> ---------------------------------------------------------------------------
>
>                 Key: SENTRY-1766
>                 URL: https://issues.apache.org/jira/browse/SENTRY-1766
>             Project: Sentry
>          Issue Type: Sub-task
>          Components: Sentry
>    Affects Versions: sentry-ha-redesign
>            Reporter: Alexander Kolbasov
>            Assignee: kalyan kumar kalvagadda
>            Priority: Blocker
>             Fix For: sentry-ha-redesign
>
>
> We noticed that Solr can no longer connect to Sentry when Kerberos is in the 
> picture and we get {{GSSException: No valid credentials provided}}.
> The old code used to do:
> {code}
> kerberos = ServerConfig.SECURITY_MODE_KERBEROS.equalsIgnoreCase(
>         conf.get(ServerConfig.SECURITY_MODE, 
> ServerConfig.SECURITY_MODE_KERBEROS).trim());
>     transport = new TSocket(serverAddress.getHostName(),
>         serverAddress.getPort(), connectionTimeout);
>     if (kerberos) {
>       String serverPrincipal = 
> Preconditions.checkNotNull(conf.get(ServerConfig.PRINCIPAL), 
> ServerConfig.PRINCIPAL + " is required");
>       // since the client uses hadoop-auth, we need to set kerberos in
>       // hadoop-auth if we plan to use kerberos
>       conf.set(HADOOP_SECURITY_AUTHENTICATION, 
> ServerConfig.SECURITY_MODE_KERBEROS);
> {code}
> But SENTRY-1593 changed it to
> {code}
> //TODO(kalyan) need to find appropriate place to add it
>     // if (kerberos) {
>     //  // since the client uses hadoop-auth, we need to set kerberos in
>     //  // hadoop-auth if we plan to use kerberos
>     //  conf.set(HADOOP_SECURITY_AUTHENTICATION, 
> SentryConstants.KERBEROS_MoODE);
>     // }
> {code}
> So the relevant part of the code is commented out.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Resolved] (SENTRY-1766) Generic model clients using kerberos can no longer connect to Sentry server

Reply via email to