Hello Kudu Jenkins,
I'd like you to reexamine a change. Please visit
http://gerrit.cloudera.org:8080/4763
to look at the new patch set (#4).
Change subject: rpc: support GSSAPI authentication
......................................................................
rpc: support GSSAPI authentication
This patch consists of a bunch of changes necessary to support GSSAPI
(Kerberos) authentication during RPC negotiation:
- rename the authenticated user field from 'plain_auth_user' to
'authenticated_user' and set it from the SASL_USERNAME property.
- make the calls to enable various SASL mechanisms before initializing
the SASL client: it seems that the client grabs the mechanism option
during sasl_client_init, rather than on the first step, so it wasn't
picking up the GSSAPI mechanism without reordering this. This caused a
bunch of associated reorderings in the tests.
- add code to actually enable the GSSAPI mechanism.
There are a few related test changes as well:
- MiniKDC can now create keytabs for service principals.
- MiniKDC has the ability to set the krb5-related environment variables.
I spent quite some time trying to figure out how to programmatically
pass these things in on a per-connection basis and came up
empty-handed except for amusing comments like 'FIXME: This code is
broken' where the SASL GSSAPI implementation has a half-baked
implementation of programmatic keytab-setting.
- The top-level test_main (which runs all tests) as well as the
KuduTest::Setup() method now explicit override a few krb5-related
environment variables so that whatever settings the user might have
(either in env variables or in /etc/krb5.conf) will not be picked up
by tests.
Change-Id: I3c1b93045acd428ef3437597059c5106b03e25d0
---
M src/kudu/rpc/CMakeLists.txt
M src/kudu/rpc/connection.cc
M src/kudu/rpc/constants.cc
M src/kudu/rpc/negotiation.cc
M src/kudu/rpc/sasl_client.cc
M src/kudu/rpc/sasl_client.h
M src/kudu/rpc/sasl_common.cc
M src/kudu/rpc/sasl_common.h
M src/kudu/rpc/sasl_helper.cc
M src/kudu/rpc/sasl_helper.h
M src/kudu/rpc/sasl_rpc-test.cc
M src/kudu/rpc/sasl_server.cc
M src/kudu/rpc/sasl_server.h
M src/kudu/security/mini_kdc-test.cc
M src/kudu/security/mini_kdc.cc
M src/kudu/security/mini_kdc.h
M src/kudu/util/test_main.cc
M src/kudu/util/test_util.cc
M src/kudu/util/test_util.h
19 files changed, 342 insertions(+), 48 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/63/4763/4
--
To view, visit http://gerrit.cloudera.org:8080/4763
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I3c1b93045acd428ef3437597059c5106b03e25d0
Gerrit-PatchSet: 4
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Todd Lipcon <[email protected]>
Gerrit-Reviewer: Adar Dembo <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Dan Burkert <[email protected]>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Tidy Bot
Gerrit-Reviewer: Todd Lipcon <[email protected]>
