Alexey Serbin has posted comments on this change. Change subject: [security] Add per-connection nonce for Kerberos replay resistance ......................................................................
Patch Set 3: (4 comments) http://gerrit.cloudera.org:8080/#/c/6137/3/src/kudu/rpc/client_negotiation.cc File src/kudu/rpc/client_negotiation.cc: PS3, Line 619: if (!response.has_channel_bindings()) { : return Status::NotAuthorized("no channel bindings provided by server"); : } nit: Is it worth retrieving remote certificate and generating channel bindings for the cert if the response does not have channel bindings? Consider moving this check before the certificate-related activity. PS3, Line 625: response.channel_bindings(), : &received_channel_bindings), nit: off-by-one shift http://gerrit.cloudera.org:8080/#/c/6137/3/src/kudu/security/crypto.cc File src/kudu/security/crypto.cc: PS3, Line 246: Slice nit: consider using Slice* to conform with the style guide. http://gerrit.cloudera.org:8080/#/c/6137/2/src/kudu/security/crypto.h File src/kudu/security/crypto.h: PS2, Line 89: Slice nit: consider using Slice* to conform with the style guide? -- To view, visit http://gerrit.cloudera.org:8080/6137 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: comment Gerrit-Change-Id: If0fb433896963be5e81d349ebf3a044a458e6627 Gerrit-PatchSet: 3 Gerrit-Project: kudu Gerrit-Branch: master Gerrit-Owner: Dan Burkert <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Dan Burkert <[email protected]> Gerrit-Reviewer: Kudu Jenkins Gerrit-Reviewer: Todd Lipcon <[email protected]> Gerrit-HasComments: Yes
