Todd Lipcon has posted comments on this change. Change subject: rpc: separately capture full principal name and short username ......................................................................
Patch Set 5: (2 comments) http://gerrit.cloudera.org:8080/#/c/6106/5/src/kudu/rpc/negotiation-test.cc File src/kudu/rpc/negotiation-test.cc: Line 300: EXPECT_EQ("client-plain", remote_user.username()); > Should we consider _not_ grabbing the username when the PLAIN mech is used? I think it's worth doing - obviously it isn't resistant to malicious users, but it lets people avoid complete mistakes ("oops, I rmed all my data on production instead of dev!") Line 311: // logged in from any Keytab. > The last tests case is a scenario where the client has GSSAPI creds + a sig yea, I figured this would be covered by more end-to-end type stuff. ok if I punt? -- To view, visit http://gerrit.cloudera.org:8080/6106 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: comment Gerrit-Change-Id: Iaf76abf8348dd677a47330b6d0ef110129d853c0 Gerrit-PatchSet: 5 Gerrit-Project: kudu Gerrit-Branch: master Gerrit-Owner: Todd Lipcon <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Dan Burkert <[email protected]> Gerrit-Reviewer: Kudu Jenkins Gerrit-Reviewer: Todd Lipcon <[email protected]> Gerrit-HasComments: Yes
