Alexey Serbin has posted comments on this change. Change subject: [c++ client] re-acquire authn token if expired ......................................................................
Patch Set 12: > Haven't followed the full discussion here, but it does seem like > this is growing into a pretty large patch spanning KRPC and "kudu > itself". Maybe worth taking a step back to write down and discuss > the design here, and then we can split out the KRPC work from the > specific work on the client? > > If I understand correctly, the overview is: > - in order to fetch a new token, we need to make sure we're > krb5-authenticated to the master(s) > -- therefore, we need some way to make an RPC call ignore a > pre-established token-authenticated connection and reconnect with > krb5 > -- this necessitates various changes in KRPC rather than just in > our own client code > > Then it seems like there are a few possible alternatives how to do > that -- either something in UserCredentials, something on the > RpcController layer, etc, right? Right. At least I was looking at 3 different approaches only at KRPC to handle establishing and re-using a new connection to master servers which would be negotiated using non-token credentials. I think creating a small document to start discussion on the design is a way to do. I'll create a shared doc and send a link today. -- To view, visit http://gerrit.cloudera.org:8080/6648 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: comment Gerrit-Change-Id: I418497ac59cfd4e476e9bfc6abe6b10b487712f5 Gerrit-PatchSet: 12 Gerrit-Project: kudu Gerrit-Branch: master Gerrit-Owner: Alexey Serbin <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Dan Burkert <[email protected]> Gerrit-Reviewer: Kudu Jenkins Gerrit-Reviewer: Tidy Bot Gerrit-Reviewer: Todd Lipcon <[email protected]> Gerrit-HasComments: No
