Alexey Serbin has posted comments on this change.

Change subject: [security] Negotiate authentication type during RPC setup
......................................................................


Patch Set 3:

(2 comments)

http://gerrit.cloudera.org:8080/#/c/5988/3/src/kudu/rpc/rpc_header.proto
File src/kudu/rpc/rpc_header.proto:

PS3, Line 174: authn_token
> We only support the redact attribute for string/bytes fields in protobufs (
Thank you for the clarification.  For some reason I thought the REDACT 
attribute is for any field.


http://gerrit.cloudera.org:8080/#/c/5988/3/src/kudu/security/token_verifier.cc
File src/kudu/security/token_verifier.cc:

PS3, Line 86: TokenPB* token
> what do you mean by "end of the chain"? Doesn't anyone who verifies it also
The call sites in the token-test.cc do not check the token contents as is, so 
it would be less code (one line less per call site).

As I understand, an authn token is basically empty now (there is only 
expiration date and incompatible features which are checked by this method).

The 'end of the chain' is nonsense, please ignore.


-- 
To view, visit http://gerrit.cloudera.org:8080/5988
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I8ed9a1a474990dbfe9b71173adffdec95ec02b6c
Gerrit-PatchSet: 3
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Dan Burkert <danburk...@apache.org>
Gerrit-Reviewer: Adar Dembo <a...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <aser...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <danburk...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Tidy Bot
Gerrit-Reviewer: Todd Lipcon <t...@apache.org>
Gerrit-HasComments: Yes

Reply via email to