Todd Lipcon has posted comments on this change. Change subject: java: fetch and adopt authn token and CA from master ......................................................................
Patch Set 3: (1 comment) http://gerrit.cloudera.org:8080/#/c/6077/3/java/kudu-client/src/main/java/org/apache/kudu/client/AsyncKuduClient.java File java/kudu-client/src/main/java/org/apache/kudu/client/AsyncKuduClient.java: Line 550: public void importAuthenticationData(byte[] authnData) { > How is this going to work in the Spark world? Wouldn't the subject names n hm, maybe the comment isn't clear. What I meant was that, if you have a client, you can't use this method to _switch_ users. In the Spark case, the executor has some Kerberos credential (eg 'todd@REALM'), and it fetches a token which would have the corresponding username. Then, it passes it to executors which have no token, but the executors import the token and become 'todd@REALM'. On a later query in the same spark session, the driver might have gotten a new token, and it could pass it to the executors, which could use this method to replace the token, but the new token would have the same username (with an updated expiration time). Any suggestion how to explain it better? -- To view, visit http://gerrit.cloudera.org:8080/6077 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: comment Gerrit-Change-Id: I24e71f0f5feefa36106a50074d40731911eff64b Gerrit-PatchSet: 3 Gerrit-Project: kudu Gerrit-Branch: master Gerrit-Owner: Todd Lipcon <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Dan Burkert <[email protected]> Gerrit-Reviewer: Kudu Jenkins Gerrit-Reviewer: Todd Lipcon <[email protected]> Gerrit-HasComments: Yes
