Todd Lipcon has posted comments on this change.

Change subject: Workaround test failures running with MIT krb5 1.10
......................................................................


Patch Set 5:

(3 comments)

http://gerrit.cloudera.org:8080/#/c/4990/5/src/kudu/security/init.cc
File src/kudu/security/init.cc:

PS5, Line 88: krb5_creds creds
> Interesting, indeed.  Maybe this is the case when the creds do not contai
My guess is the issue is that this code is only run by external minicluster 
daemons, and we shut those down by 'kill -9' rather than gracefully. So, the 
leak sanitizer doesn't actually get a chance to run on exit. I'll see if I can 
add a test case that repros the leak before I fix it.


Line 109: 
> I'm kind of surprised you need to "sanitize" these environment variables gi
Consider yourself surprised, then. The library reads configuration files and 
environment variables to get configuration, because typical usage is deeply 
embedded within apps (e.g., just like us, people embed SASL which uses GSSAPI 
which uses libkrb5).

There are direct library calls you can make (as we do above) to manually grab 
credentials, store them in ticket caches, etc., but when you're interacting with 
Kerberos through the above-mentioned layers, it's basically impossible to do 
anything but pass the configuration through the process's environment.


PS5, Line 112: "KRB5CCNAME"
> Does it make sense to introduce constants for those Kerberos-related env va
will do


-- 
To view, visit http://gerrit.cloudera.org:8080/4990
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I708334cbbee35d2629a38a369e63c1dc309ed91b
Gerrit-PatchSet: 5
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Todd Lipcon <[email protected]>
Gerrit-Reviewer: Adar Dembo <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Dan Burkert <[email protected]>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Tidy Bot
Gerrit-Reviewer: Todd Lipcon <[email protected]>
Gerrit-HasComments: Yes
