Todd Lipcon has posted comments on this change. ( http://gerrit.cloudera.org:8080/9696 )
Change subject: IMPALA-6691: KRPC w/ kerberos fails on SLES11 ...................................................................... Patch Set 1: (1 comment) http://gerrit.cloudera.org:8080/#/c/9696/1/be/src/kudu/rpc/messenger.cc File be/src/kudu/rpc/messenger.cc: http://gerrit.cloudera.org:8080/#/c/9696/1/be/src/kudu/rpc/messenger.cc@284 PS1, Line 284: if (!keytab_file_.empty()) { > Were you able to test this change on SLES 11 ? It's really a shame to lose this on all operating systems just due to the SLES11 deficiency. The reason we added it is that we found it quite difficult to debug the issues if they happened at negotiation time rather than at service startup. We've done a compile-time krb5 version detection in the past using an #ifdef based on some random constant defined in krb5.h that was added in a particular version. It's hacky, but since they don't provide any KRB5_VERSION macro or anythiing, it's the best we could do. For example you could check for KRB5_NT_X500_PRINCIPAL which was added in 1.7. Another option would be to use sasl_client_start to generate a token and pass that into sasl_server_start(). In other words, run a step or two of the negotiation in a "short circuited" configuration to see whether the server can init a connection to itself. -- To view, visit http://gerrit.cloudera.org:8080/9696 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ic4cc7f0702f605fca02a2ff5d3d2735e6e080668 Gerrit-Change-Number: 9696 Gerrit-PatchSet: 1 Gerrit-Owner: Sailesh Mukil <sail...@cloudera.com> Gerrit-Reviewer: Michael Ho <k...@cloudera.com> Gerrit-Reviewer: Sailesh Mukil <sail...@cloudera.com> Gerrit-Reviewer: Todd Lipcon <t...@apache.org> Gerrit-Comment-Date: Tue, 20 Mar 2018 21:47:08 +0000 Gerrit-HasComments: Yes