impala-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Henry Robinson (Code Review)" <ger...@cloudera.org>
Subject [Impala-CR](cdh5-2.5.0_5.7.0) IMPALA-3095: Add configurable whitelist of authorized internal principals
Date Sat, 27 Feb 2016 11:31:41 GMT
Henry Robinson has posted comments on this change.

Change subject: IMPALA-3095: Add configurable whitelist of authorized internal principals
......................................................................


Patch Set 1:

(2 comments)

http://gerrit.cloudera.org:8080/#/c/2334/1/be/src/rpc/authentication-test.cc
File be/src/rpc/authentication-test.cc:

Line 74:   string service_name_wrong_realm("service_name/localhost@different.realm");
       :   EXPECT_EQ(SASL_OK,
       :       SaslAuthorizeInternal(NULL, (void*)&sa, service_name_wrong_realm.c_str(),
       :           service_name_wrong_realm.size(), NULL, 0, NULL, 0, NULL));
> This shouldn't pass in practice (because the cyrus-sasl library shouldn't a
Good point - there's no need to have a test for it then, I think.


http://gerrit.cloudera.org:8080/#/c/2334/1/be/src/rpc/authentication.cc
File be/src/rpc/authentication.cc:

Line 94: "hdfs"
> I'm guessing people would wonder why we have hdfs as the default here. Shou
In an ideal world this would not be the default, but I think for expediency's sake it's ok
to have this anticipate the known third-party user that needs to access. I don't expect this
to be changed in 99% of installations.


-- 
To view, visit http://gerrit.cloudera.org:8080/2334
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: If828e86c99c3c398319953b1d3b33d5e3af200da
Gerrit-PatchSet: 1
Gerrit-Project: Impala
Gerrit-Branch: cdh5-2.5.0_5.7.0
Gerrit-Owner: Henry Robinson <henry@cloudera.com>
Gerrit-Reviewer: Henry Robinson <henry@cloudera.com>
Gerrit-Reviewer: Sailesh Mukil <sailesh@cloudera.com>
Gerrit-HasComments: Yes

Mime
View raw message