accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Josh Elser (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ACCUMULO-4421) TraceServer should fall back to GENERIC_KERBEROS_PRINCIPAL when trace specific kerberos settings are not present
Date Fri, 26 Aug 2016 21:09:22 GMT

    [ https://issues.apache.org/jira/browse/ACCUMULO-4421?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15439860#comment-15439860
] 

Josh Elser commented on ACCUMULO-4421:
--------------------------------------

bq. Josh Elser I think this is ready for review. The tl;dr: is "if we're not set to use a
token derived from KerberosToken, fall back to the old server login behavior."

Great. I think this looks good (especially given that you tested it on a cluster!!)

One thing I will mention is that the renewal thread is *not* being started. I think we should
fix that here. Let me make an addendum on your v3. I think this would be simple to do.

> TraceServer should fall back to GENERIC_KERBEROS_PRINCIPAL when trace specific kerberos
settings are not present
> ----------------------------------------------------------------------------------------------------------------
>
>                 Key: ACCUMULO-4421
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-4421
>             Project: Accumulo
>          Issue Type: Bug
>          Components: trace
>    Affects Versions: 1.7.1, 1.7.2
>            Reporter: Sean Busbey
>            Assignee: Sean Busbey
>            Priority: Blocker
>             Fix For: 1.7.3, 1.8.0
>
>         Attachments: ACCUMULO-4421-1.7.v3.patch, ACCUMULO-4421.1.patch, ACCUMULO-4421.2.patch
>
>
> Prior to 1.7, the TraceServer always started using the same server utils as the other
daemons. Since a trace server has to talk to Accumulo and that might involve needing a Kerberos
Identity in 1.7+, it was switched to its own setup.
> Currently that setup will default back to GENERIC_KERBEROS_KEYTAB if a keytab isn't specified
for the trace user, but it will simply exit early if there isn't a principal defined for hte
trace user. It should instead default to the GENERIC_KERBEROS_PRINCIPAL.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message