You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@impala.apache.org by ta...@apache.org on 2017/09/05 22:26:47 UTC
[2/9] incubator-impala git commit: security: only lookup hostname if
_HOST substitution is required
security: only lookup hostname if _HOST substitution is required
The Kerberos principal configuration uses the special token '_HOST' to
indicate that the FQDN of the host should be specified. Previously we
would always lookup the FQDN even if the substitution was not required,
which might mean that startup would fail if there was no FQDN available,
even if no _HOST substitution was required.
Now, we only lookup the FQDN if FLAGS_principal contains the
substitution token. This provides the possibility of a workaround of
explicit principal configuration on machines with no FQDN.
Change-Id: I5de8647d6cf63ea70d880fa530fa289e8bae24fe
Reviewed-on: http://gerrit.cloudera.org:8080/7694
Tested-by: Kudu Jenkins
Reviewed-by: Alexey Serbin <as...@cloudera.com>
Reviewed-on: http://gerrit.cloudera.org:8080/7894
Reviewed-by: Sailesh Mukil <sa...@cloudera.com>
Tested-by: Sailesh Mukil <sa...@cloudera.com>
Project: http://git-wip-us.apache.org/repos/asf/incubator-impala/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-impala/commit/e7bd0ce5
Tree: http://git-wip-us.apache.org/repos/asf/incubator-impala/tree/e7bd0ce5
Diff: http://git-wip-us.apache.org/repos/asf/incubator-impala/diff/e7bd0ce5
Branch: refs/heads/master
Commit: e7bd0ce5b9f2d44bc0d429672924d19a0142c2b1
Parents: d1239a9
Author: Todd Lipcon <to...@apache.org>
Authored: Wed Aug 16 19:12:44 2017 -0700
Committer: Sailesh Mukil <sa...@cloudera.com>
Committed: Fri Sep 1 03:09:25 2017 +0000
----------------------------------------------------------------------
be/src/kudu/security/init.cc | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-impala/blob/e7bd0ce5/be/src/kudu/security/init.cc
----------------------------------------------------------------------
diff --git a/be/src/kudu/security/init.cc b/be/src/kudu/security/init.cc
index c1e94ed..aff20e9 100644
--- a/be/src/kudu/security/init.cc
+++ b/be/src/kudu/security/init.cc
@@ -390,14 +390,17 @@ Status KinitContext::Kinit(const string& keytab_path, const string& principal) {
Status GetConfiguredPrincipal(string* principal) {
string p = FLAGS_principal;
- string hostname;
- // Try to fill in either the FQDN or hostname.
- if (!GetFQDN(&hostname).ok()) {
- RETURN_NOT_OK(GetHostname(&hostname));
+ const auto& kHostToken = "_HOST";
+ if (p.find(kHostToken) != string::npos) {
+ string hostname;
+ // Try to fill in either the FQDN or hostname.
+ if (!GetFQDN(&hostname).ok()) {
+ RETURN_NOT_OK(GetHostname(&hostname));
+ }
+ // Hosts in principal names are canonicalized to lower-case.
+ std::transform(hostname.begin(), hostname.end(), hostname.begin(), tolower);
+ GlobalReplaceSubstring(kHostToken, hostname, &p);
}
- // Hosts in principal names are canonicalized to lower-case.
- std::transform(hostname.begin(), hostname.end(), hostname.begin(), tolower);
- GlobalReplaceSubstring("_HOST", hostname, &p);
*principal = p;
return Status::OK();
}