AngersZhuuuu commented on a change in pull request #26594: [SPARK-29957][TEST] Bump MiniKdc to 3.2.0 URL: https://github.com/apache/spark/pull/26594#discussion_r350549930
########## File path: pom.xml ########## @@ -1024,7 +1025,7 @@ <dependency> <groupId>org.apache.hadoop</groupId> <artifactId>hadoop-minikdc</artifactId> - <version>${hadoop.version}</version> + <version>${minikdc.version}</version> Review comment: @srowen @wangyum @dongjoon-hyun I checked the kerberos code that when client call a request `KrbTgsReq/KrbTktReq `, it will first check if there are config `default_tkt_enctypes` and `default_tgs_enctypes`in `krb5.conf`, if not, then use `jdk buildin enctypes`. And i have checked the build in ecntypes: ``` jdk8 static { DEBUG = Krb5.DEBUG; initStatic(); BUILTIN_ETYPES = new int[]{18, 17, 16, 23, 1, 3}; BUILTIN_ETYPES_NOAES256 = new int[]{17, 16, 23, 1, 3}; } jdk11 static { DEBUG = Krb5.DEBUG; initStatic(); BUILTIN_ETYPES = new int[]{18, 17, 20, 19, 16, 23, 1, 3}; BUILTIN_ETYPES_NOAES256 = new int[]{17, 19, 16, 23, 1, 3}; } ``` In server side , they both use `aes128-cts-hmac-sha1-96` as first choice. But MiniKdc don't have API for us to config these. So rewrite and refresh it. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org For additional commands, e-mail: reviews-h...@spark.apache.org