AngersZhuuuu commented on a change in pull request #26594: [SPARK-29957][TEST]
Bump MiniKdc to 3.2.0
URL: https://github.com/apache/spark/pull/26594#discussion_r350549930
##########
File path: pom.xml
##########
@@ -1024,7 +1025,7 @@
<dependency>
<groupId>org.apache.hadoop</groupId>
<artifactId>hadoop-minikdc</artifactId>
- <version>${hadoop.version}</version>
+ <version>${minikdc.version}</version>
Review comment:
@srowen @wangyum @dongjoon-hyun
I checked the kerberos code that when client call a request
`KrbTgsReq/KrbTktReq `, it will first check if there are config
`default_tkt_enctypes` and `default_tgs_enctypes`in `krb5.conf`, if not, then
use `jdk buildin enctypes`.
And i have checked the build in ecntypes:
```
jdk8
static {
DEBUG = Krb5.DEBUG;
initStatic();
BUILTIN_ETYPES = new int[]{18, 17, 16, 23, 1, 3};
BUILTIN_ETYPES_NOAES256 = new int[]{17, 16, 23, 1, 3};
}
jdk11
static {
DEBUG = Krb5.DEBUG;
initStatic();
BUILTIN_ETYPES = new int[]{18, 17, 20, 19, 16, 23, 1, 3};
BUILTIN_ETYPES_NOAES256 = new int[]{17, 19, 16, 23, 1, 3};
}
```
In server side , they both use `aes128-cts-hmac-sha1-96` as first choice.
But MiniKdc don't have API for us to config these. So rewrite and refresh
it.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org
For additional commands, e-mail: reviews-h...@spark.apache.org
