Dan Burkert has posted comments on this change.

Change subject: master: issue authentication tokens and CA certs to clients
......................................................................

Patch Set 2:

(3 comments)

http://gerrit.cloudera.org:8080/#/c/5871/2/src/kudu/master/master.proto
File src/kudu/master/master.proto:

Line 548:   // TODO(PKI): should the client specify whether it wants an authn token or not?
You hint at it later, but I think the correct thing to do here is not have the client ask for the token, but return it automatically when the client connects with a connection authenticated by Kerberos.

PS2, Line 549: server
Is this supposed to be client?

Line 563:   repeated bytes ca_cert_der = 3;
We've previously discussed cert rolling and decided to punt, although maybe we should have a more official discussion. As it is, though, I think this should be optional, not repeated. Optional can always be upgraded to repeated.

--
To view, visit http://gerrit.cloudera.org:8080/5871
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I5969b8e125633b3b14364b98c0d0a992b162f302
Gerrit-PatchSet: 2
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Todd Lipcon <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Dan Burkert <[email protected]>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-HasComments: Yes
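
The optional-versus-repeated question for `ca_cert_der = 3` comes down to the protobuf wire format, sketched here as an added example that is not code from the Kudu change: a hand-rolled codec shows that one occurrence of a bytes field is byte-identical under either label, and that a reader still treating the field as optional keeps only the last certificate if a sender emits several. The function names and the sample certificate bytes are constructed for illustration.

```python
# Added example (not Kudu code): protobuf wire encoding of one bytes field.
FIELD_NUM = 3   # ca_cert_der = 3, taken from the reviewed line
WIRE_LEN = 2    # protobuf wire type for length-delimited values

def _varint(n):
    """Encode a non-negative int as a base-128 varint."""
    out = bytearray()
    while True:
        low, n = n & 0x7F, n >> 7
        out.append(low | (0x80 if n else 0))
        if not n:
            return bytes(out)

def _read_varint(buf, pos):
    """Decode a varint at pos; return (value, next position)."""
    shift = value = 0
    while True:
        b = buf[pos]
        pos += 1
        value |= (b & 0x7F) << shift
        if not b & 0x80:
            return value, pos
        shift += 7

def encode(certs):
    """Each cert becomes tag + length + payload; optional is the 1-item case."""
    tag = _varint((FIELD_NUM << 3) | WIRE_LEN)
    return b"".join(tag + _varint(len(c)) + c for c in certs)

def read_as_repeated(buf):
    """New-style reader: collect every occurrence of field 3 in wire order."""
    pos, found = 0, []
    while pos < len(buf):
        key, pos = _read_varint(buf, pos)
        if key & 7 != WIRE_LEN:
            raise ValueError("only length-delimited fields are handled here")
        size, pos = _read_varint(buf, pos)
        if pos + size > len(buf):
            raise ValueError("truncated field")
        if key >> 3 == FIELD_NUM:
            found.append(buf[pos:pos + size])
        pos += size
    return found

def read_as_optional(buf):
    """Old-style reader: proto2 keeps the last occurrence of a singular field."""
    values = read_as_repeated(buf)
    return values[-1] if values else None

# Constructed placeholders standing in for DER-encoded CA certificates.
CA_OLD, CA_NEW = b"\x30\x03old", b"\x30\x03new"
```

For cert rolling this means the later upgrade is wire-compatible, but clients that still parse the field as optional will trust only the last CA a master sends.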
