You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by "Prasad Mujumdar (JIRA)" <ji...@apache.org> on 2015/02/26 00:41:04 UTC
[jira] [Updated] (SENTRY-660) Support client principal and keytab
configuration properties for Sentry HA to work with secure zookeeper
[ https://issues.apache.org/jira/browse/SENTRY-660?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Prasad Mujumdar updated SENTRY-660:
-----------------------------------
Attachment: SENTRY-660.1.patch
> Support client principal and keytab configuration properties for Sentry HA to work with secure zookeeper
> --------------------------------------------------------------------------------------------------------
>
> Key: SENTRY-660
> URL: https://issues.apache.org/jira/browse/SENTRY-660
> Project: Sentry
> Issue Type: Bug
> Affects Versions: 1.5.0
> Reporter: Prasad Mujumdar
> Assignee: Prasad Mujumdar
> Fix For: 1.5.0
>
> Attachments: SENTRY-660.1.patch
>
>
> Currently Sentry HAContext tries to the principal and keytab sentry.service.server.principal and sentry.service.server.keytab properties. These are set in the Sentry service but not in clients, especially the server keytab. This causes problems for Sentry clients to work with Sentry HA using secure ZK.
> The typical Sentry clients are downstream services like Hive and Impala which has their own principals and keytab. We should support additional config properties for Sentry client to specify their principal and keytab for Sentry client to use with secure ZK.
> Note that unlike Sentry thrift client, we can reuse the UGI to wrap the connection calls to reuse the login contex created in Hive or Impala.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)