Alexey Serbin has posted comments on this change. ( http://gerrit.cloudera.org:8080/9374 )
Change subject: KUDU-2259: add real user to AuthenticationCredentialsPB ...................................................................... Patch Set 1: (2 comments) http://gerrit.cloudera.org:8080/#/c/9374/2/java/kudu-client/src/main/java/org/apache/kudu/client/SecurityContext.java File java/kudu-client/src/main/java/org/apache/kudu/client/SecurityContext.java: http://gerrit.cloudera.org:8080/#/c/9374/2/java/kudu-client/src/main/java/org/apache/kudu/client/SecurityContext.java@156 PS2, Line 156: authentica > the hasAuthnToke() check takes care of that. Not sure I understand: the condition for this 'if' closure is 'pb.hasAuthnToken()', which comes from input bytes 'authnData'. Meanwhile, 'authnToken' is a member of the class which might be null at this point, no? http://gerrit.cloudera.org:8080/#/c/9374/1/src/kudu/client/client.proto File src/kudu/client/client.proto: http://gerrit.cloudera.org:8080/#/c/9374/1/src/kudu/client/client.proto@116 PS1, Line 116: root > Is that in the case of external PKI? With internal-PKI I don't think we ev Yes, the idea was to use the sequence for the certificate chain, if we had that. The chain is needed for validation. As of now, there is no multiple root CA certificates. -- To view, visit http://gerrit.cloudera.org:8080/9374 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I5d2d901d42501ecfc0f6372f68cf7335eb188b45 Gerrit-Change-Number: 9374 Gerrit-PatchSet: 1 Gerrit-Owner: Dan Burkert <danburk...@apache.org> Gerrit-Reviewer: Alexey Serbin <aser...@cloudera.com> Gerrit-Reviewer: Dan Burkert <danburk...@apache.org> Gerrit-Reviewer: Kudu Jenkins Gerrit-Reviewer: Tidy Bot Gerrit-Reviewer: Todd Lipcon <t...@apache.org> Gerrit-Comment-Date: Fri, 02 Mar 2018 19:05:46 +0000 Gerrit-HasComments: Yes