[
https://issues.apache.org/jira/browse/SENTRY-1736?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16016453#comment-16016453
]
kalyan kumar kalvagadda commented on SENTRY-1736:
-------------------------------------------------
After a discussion with the [~akolb] [~vamsee] [~vspector] new approach is
decided
1. Update the UserGroupInformation with HADOOP_SECURITY_AUTHENTICATION for the
client when kerberos is enabled.
2. Make sure that the update is not done for every connection towards sentry
server.
3. Don't update the configuration object that we passed. Instead use a local
version to update.
New patch submitted is based on this idea.
> Generic service client should support Kerberos
> ----------------------------------------------
>
> Key: SENTRY-1736
> URL: https://issues.apache.org/jira/browse/SENTRY-1736
> Project: Sentry
> Issue Type: Sub-task
> Components: Sentry
> Affects Versions: sentry-ha-redesign
> Reporter: Alexander Kolbasov
> Assignee: kalyan kumar kalvagadda
> Attachments: SENTRY-1736.001-sentry-ha-redesign.patch,
> SENTRY-1736.002-sentry-ha-redesign.patch,
> SENTRY-1736.003-sentry-ha-redesign.patch
>
>
> The {{SentryGenericServiceClientDefaultImpl}} has the following comment in
> constructor:
> {code}
> //TODO(kalyan) need to find appropriate place to add it
> // if (kerberos) {
> // // since the client uses hadoop-auth, we need to set kerberos in
> // // hadoop-auth if we plan to use kerberos
> // conf.set(HADOOP_SECURITY_AUTHENTICATION,
> SentryConstants.KERBEROS_MoODE);
> // }
> {code}
> This should be actually implemented.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
