[email protected] has posted comments on this change. ( http://gerrit.cloudera.org:8080/20269 )
Change subject: IMPALA-12318: Add a flag option for http spnego dedicated keytab file. ...................................................................... Patch Set 8: (2 comments) http://gerrit.cloudera.org:8080/#/c/20269/7/be/src/kudu/security/gssapi.h File be/src/kudu/security/gssapi.h: http://gerrit.cloudera.org:8080/#/c/20269/7/be/src/kudu/security/gssapi.h@22 PS7, Line 22: #include <gssapi/gssapi_krb5.h> > Why is this needed here? Could it be added in gssapi.cc? gssapi_krb5.h is needed to use krb5_gss_register_acceptor_identity function in gssapi.cc. it can be moved to gssapi.cc I thought that gssapi_krb5 header file can be used other file that includes kudu/security/gssapi.h so that i put this into kudu/security/gssapi.h in advance. http://gerrit.cloudera.org:8080/#/c/20269/7/be/src/kudu/security/gssapi.cc File be/src/kudu/security/gssapi.cc: http://gerrit.cloudera.org:8080/#/c/20269/7/be/src/kudu/security/gssapi.cc@131 PS7, Line 131: krb5_gss_register_acceptor_identity(FLAGS_spnego_keytab_file.c_str()); > I'm not clear how this avoids overriding keytab_file globally. It doesn't override keytab_file flag at all, It just register another keytab file location for webserver spnego gss acceptor. I couldn't find krb5_gss_register_acceptor_identity function in GSS API Document though, I've found that impala log in by impala principal in the impala service keytab(specified by --keytab_file flag)from my cluster's experimentation. If you are still curious, I will do more research. Could you Please let me know what you are worrying about in detail? -- To view, visit http://gerrit.cloudera.org:8080/20269 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ia4794ca97316c63a0e6fef9f7428fc05dd9904b0 Gerrit-Change-Number: 20269 Gerrit-PatchSet: 8 Gerrit-Owner: Anonymous Coward <[email protected]> Gerrit-Reviewer: Anonymous Coward <[email protected]> Gerrit-Reviewer: Impala Public Jenkins <[email protected]> Gerrit-Reviewer: Michael Smith <[email protected]> Gerrit-Comment-Date: Sat, 29 Jul 2023 02:22:49 +0000 Gerrit-HasComments: Yes
