Todd Lipcon has posted comments on this change.

Change subject: Workaround test failures running with MIT krb5 1.10
......................................................................

Patch Set 5:

(3 comments)

http://gerrit.cloudera.org:8080/#/c/4990/5/src/kudu/security/init.cc
File src/kudu/security/init.cc:

PS5, Line 88: krb5_creds creds
> Interesting, indeed. May be, this is the case when the creds do not contai

My guess is the issue is that this code is only run by external minicluster daemons, and we shut those down by 'kill -9' rather than gracefully. So, the leak sanitizer doesn't actually get a chance to run on exit. I'll see if I can add a test case that repros the leak before I fix it.

Line 109:
> I'm kind of surprised you need to "sanitize" these environment variables gi

Consider yourself surprised, then. The library reads configuration files and environment variables to get configuration, because typical usage is deeply embedded within apps (e.g., just like us, people embed SASL, which uses GSSAPI, which uses libkrb5). There are direct library calls you can make (as we do above) to manually grab credentials, store them in ticket caches, etc., but when you're interacting with Kerberos through the above-mentioned layers, it's basically impossible to do anything but pass the configuration through the process's environment.

PS5, Line 112: "KRB5CCNAME"
> Does it make sense to introduce constants for those Kerberos-related env va

Will do.

--
To view, visit http://gerrit.cloudera.org:8080/4990

Gerrit-MessageType: comment
Gerrit-Change-Id: I708334cbbee35d2629a38a369e63c1dc309ed91b
Gerrit-PatchSet: 5
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Todd Lipcon <[email protected]>
Gerrit-Reviewer: Adar Dembo <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Dan Burkert <[email protected]>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Tidy Bot
Gerrit-Reviewer: Todd Lipcon <[email protected]>
Gerrit-HasComments: Yes
