Sahil Takiar has posted comments on this change. ( http://gerrit.cloudera.org:8080/15351 )

Change subject: IMPALA-9456: allow disabling kerberos selectively

Patch Set 2:

(5 comments)

http://gerrit.cloudera.org:8080/#/c/15351/2/be/src/common/global-flags.cc
File be/src/common/global-flags.cc:

http://gerrit.cloudera.org:8080/#/c/15351/2/be/src/common/global-flags.cc@55
PS2, Line 55: DEFINE_bool(skip_internal_kerberos_auth, false,
:     "(Advanced) skip kerberos authentication for incoming internal connections from "
:     "other daemons within the Impala cluster (i.e. impalads, statestored, catalogd). "
:     "Must be set to the same value across all daemons. Only has an effect if --principal "
:     "is set, i.e. Kerberos is enabled.");
: DEFINE_bool(skip_external_kerberos_auth, false,
:     "(Advanced) skip kerberos authentication for incoming external connections to "
:     "this daemon, e.g. clients connecting to the HS2 interface. Only has an effect "
:     "if --principal is set, i.e. Kerberos is enabled.");

What category do impalad-HMS connections fall into?

http://gerrit.cloudera.org:8080/#/c/15351/2/be/src/rpc/authentication.cc
File be/src/rpc/authentication.cc:

http://gerrit.cloudera.org:8080/#/c/15351/2/be/src/rpc/authentication.cc@a958
PS2, Line 958:

I think the docs for this method in authentication.h need to be updated to reflect this change.

http://gerrit.cloudera.org:8080/#/c/15351/2/be/src/rpc/authentication.cc@1231
PS2, Line 1231:   // Flags     | Internal | External
:   // --------- | -------- | --------
:   // None      | NoAuth   | NoAuth
:   // LDAP only | NoAuth   | Sasl(ldap)
:   // Kerb only | Sasl(be) | Sasl(fe)
:   // Both      | Sasl(be) | Sasl(fe+ldap)

Does this table need to be updated? It seems there are a few more options now, since --skip_internal_kerberos_auth and --skip_external_kerberos_auth can change if Internal or External auth are enabled.

http://gerrit.cloudera.org:8080/#/c/15351/2/be/src/rpc/authentication.cc@1293
PS2, Line 1293: "and"

http://gerrit.cloudera.org:8080/#/c/15351/2/be/src/rpc/authentication.cc@1295
PS2, Line 1295: kerberos_internal_principal

What about the renew thread for the external principal?

--
To view, visit http://gerrit.cloudera.org:8080/15351

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I3b1c641e05e588287e4d9d9cd8389d96fc71cf74
Gerrit-Change-Number: 15351
Gerrit-PatchSet: 2
Gerrit-Owner: Tim Armstrong
Gerrit-Reviewer: Impala Public Jenkins
Gerrit-Reviewer: Sahil Takiar
Gerrit-Comment-Date: Fri, 06 Mar 2020 23:48:50 +0000
Gerrit-HasComments: Yes
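
The flag table quoted in the review, extended with the two skip flags, as an added example (not Impala code and not part of the review message): a hypothetical model that enumerates every flag combination and marks those where Kerberos is configured but a listener ends up unauthenticated. It assumes LDAP, when enabled, stays in force on external connections after Kerberos is skipped; the names `AuthFlags`, `InternalAuth`, `ExternalAuth` and `PrintMatrix` are invented for this sketch.

```cpp
#include <cstdio>
#include <string>

// Hypothetical model, not Impala code. Fields mirror the flags in the review.
struct AuthFlags {
  bool kerberos;       // --principal is set, i.e. Kerberos is enabled
  bool ldap;           // LDAP authentication is enabled
  bool skip_internal;  // --skip_internal_kerberos_auth
  bool skip_external;  // --skip_external_kerberos_auth
};

// Internal connections: Kerberos or nothing (in the quoted table LDAP never
// applies to internal connections).
std::string InternalAuth(const AuthFlags& f) {
  return (f.kerberos && !f.skip_internal) ? "Sasl(be)" : "NoAuth";
}

// External connections: the skip flag removes only the Kerberos mechanism.
// Assumption: LDAP, when enabled, remains in force.
std::string ExternalAuth(const AuthFlags& f) {
  bool kerb = f.kerberos && !f.skip_external;
  if (kerb && f.ldap) return "Sasl(fe+ldap)";
  if (kerb) return "Sasl(fe)";
  if (f.ldap) return "Sasl(ldap)";
  return "NoAuth";
}

// Prints all 16 combinations and returns how many rows have Kerberos
// configured yet leave internal or external connections unauthenticated.
int PrintMatrix() {
  int risky = 0;
  std::printf("kerb ldap skip_int skip_ext | Internal | External\n");
  for (int i = 0; i < 16; ++i) {
    AuthFlags f{(i & 8) != 0, (i & 4) != 0, (i & 2) != 0, (i & 1) != 0};
    std::string in = InternalAuth(f), ex = ExternalAuth(f);
    bool warn = f.kerberos && (in == "NoAuth" || ex == "NoAuth");
    risky += warn ? 1 : 0;
    std::printf("%4d %4d %8d %8d | %-8s | %-13s%s\n", f.kerberos, f.ldap,
                f.skip_internal, f.skip_external, in.c_str(), ex.c_str(),
                warn ? "  <-- unauthenticated" : "");
  }
  return risky;
}

int main() { PrintMatrix(); return 0; }
```
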
