Thomas Tauber-Marshall has posted comments on this change. ( http://gerrit.cloudera.org:8080/13774 )
Change subject: Support SPNEGO for Impala webserver ...................................................................... Patch Set 1: (2 comments) http://gerrit.cloudera.org:8080/#/c/13774/1/be/src/util/kudu-status-util.h File be/src/util/kudu-status-util.h: http://gerrit.cloudera.org:8080/#/c/13774/1/be/src/util/kudu-status-util.h@26 PS1, Line 26: \ Might as well fix the formatting while you're here http://gerrit.cloudera.org:8080/#/c/13774/1/be/src/util/webserver.cc File be/src/util/webserver.cc: http://gerrit.cloudera.org:8080/#/c/13774/1/be/src/util/webserver.cc@370 PS1, Line 370: We assume that security::InitKerberosForServer() What if this isn't the case, eg. because --principal isn't set? Should we check for that? What about the opposite case - where --principal is set but --webserver_require_spnego=false? Right now I think we just silently allow this, but users may find it surprising that setting up kerberos doesn't automatically secure the webserver. Maybe worth logging a warning in that case? -- To view, visit http://gerrit.cloudera.org:8080/13774 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ife2b04310e1571d231bf8ee1bcfd3b7afc2edd8f Gerrit-Change-Number: 13774 Gerrit-PatchSet: 1 Gerrit-Owner: Todd Lipcon <[email protected]> Gerrit-Reviewer: Impala Public Jenkins <[email protected]> Gerrit-Reviewer: Thomas Tauber-Marshall <[email protected]> Gerrit-Reviewer: Todd Lipcon <[email protected]> Gerrit-Comment-Date: Tue, 09 Jul 2019 17:52:48 +0000 Gerrit-HasComments: Yes
