sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sravya Tirukkovalur (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SENTRY-1037) Set "hadoop.security.authentication" to "kerberos" in the Generic Client
Date Sat, 30 Jan 2016 00:00:42 GMT

    [ https://issues.apache.org/jira/browse/SENTRY-1037?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15124471#comment-15124471
] 

Sravya Tirukkovalur commented on SENTRY-1037:
---------------------------------------------

[~gchanan] Changed the description of the jira based on the discussion on RB and changes that
you made in the final patch. Does it look good?

Just to summarize:
In this patch, we are setting "hadoop.security.authentication" to "kerberos" in the SentryGenericServiceClientDefaultImpl,
mainly to avoid requiring integrating services to workaround the issue of hadoop-auth( it
requires this property to be set when getting the logged in user using UGI)



> Set "hadoop.security.authentication" to "kerberos" in the Generic Client
> ------------------------------------------------------------------------
>
>                 Key: SENTRY-1037
>                 URL: https://issues.apache.org/jira/browse/SENTRY-1037
>             Project: Sentry
>          Issue Type: Bug
>          Components: Service, Solr Plugin
>    Affects Versions: 1.7.0
>            Reporter: Gregory Chanan
>            Assignee: Gregory Chanan
>             Fix For: 1.7.0
>
>         Attachments: SENTRY-1037.patch, SENTRY-1037.patch
>
>
> Today, the SentryShellSolr follows the same pattern as SentryShellHive, which is just
getting a "new Configuration()".  In order to connect to a service requiring kerberos, the
Configuration must have "hadoop.security.authentication" set to "kerberos" since the generic
client uses hadoop-auth to do the authentication.  But this will often not be set in the context
of Solr, which may not even have a hadoop-related configuration around.
> So, we should handle the configuration in the same way as we do for the binding; namely,
if the client intends to use kerberos, we set "hadoop.security.authentication" to "kerberos"



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message