Return-Path: <user-return-1097-archive-asf-public=cust-asf.ponee.io@kudu.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id 34DE3200D24
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Tue, 24 Oct 2017 21:41:56 +0200 (CEST)
Received: by cust-asf.ponee.io (Postfix)
	id 33609160BDB; Tue, 24 Oct 2017 19:41:56 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id 796EF1609C8
	for <archive-asf-public@cust-asf.ponee.io>; Tue, 24 Oct 2017 21:41:55 +0200 (CEST)
Received: (qmail 68352 invoked by uid 500); 24 Oct 2017 19:41:54 -0000
Mailing-List: contact user-help@kudu.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:user-help@kudu.apache.org>
List-Unsubscribe: <mailto:user-unsubscribe@kudu.apache.org>
List-Post: <mailto:user@kudu.apache.org>
List-Id: <user.kudu.apache.org>
Reply-To: user@kudu.apache.org
Delivered-To: mailing list user@kudu.apache.org
Received: (qmail 68342 invoked by uid 99); 24 Oct 2017 19:41:54 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 24 Oct 2017 19:41:54 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 7F2FA180157
	for <user@kudu.apache.org>; Tue, 24 Oct 2017 19:41:53 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: 2.38
X-Spam-Level: **
X-Spam-Status: No, score=2.38 tagged_above=-999 required=6.31
	tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
	HTML_MESSAGE=2, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01,
	RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001,
	URIBL_BLOCKED=0.001] autolearn=disabled
Authentication-Results: spamd3-us-west.apache.org (amavisd-new);
	dkim=pass (2048-bit key) header.d=cloudera.com
Received: from mx1-lw-eu.apache.org ([10.40.0.8])
	by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024)
	with ESMTP id qAgWMMl0ST87 for <user@kudu.apache.org>;
	Tue, 24 Oct 2017 19:41:52 +0000 (UTC)
Received: from mail-ua0-f182.google.com (mail-ua0-f182.google.com [209.85.217.182])
	by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id 66F435FB52
	for <user@kudu.apache.org>; Tue, 24 Oct 2017 19:41:51 +0000 (UTC)
Received: by mail-ua0-f182.google.com with SMTP id i35so16170340uah.9
        for <user@kudu.apache.org>; Tue, 24 Oct 2017 12:41:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=cloudera.com; s=google;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to;
        bh=kMWP/3Z4AKh2+fbMLXu0ZG52mr9RKzKcgCcPmXvKbXY=;
        b=kkzW0YfIzox6Bm/9iWQPjypyEsapmxmHnOJyAFUyIg6GDr6EfAqxUuKc/CZVpotOnJ
         ehhJ2lQXdz8jUTyznj0NyIKMlyydVD+QYUN6gPmpFDDvtADaXR9bC7J3w7nyB7SqUrhy
         0p3Sv8fEWQABXU2CVkdEAXK+FoE2SkpfrE6+kyBwDUcnuoNU2ioNwPVsDZYfDkau6C2J
         rXSxAR7kkEVBHfCRIuV0JNw/kr9Xp6eD8S+YoNuyYXv5Gbg1sedfI82Yb1Lt1k0stWhE
         UEG7fhuu0lScR2DrhJ97yD92/6w6+ySCHv84XDAKPZ9sen84Du7ctsRFNrNKs87ZuqpC
         FGlQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to;
        bh=kMWP/3Z4AKh2+fbMLXu0ZG52mr9RKzKcgCcPmXvKbXY=;
        b=K6IZeT1UAzQ1/2Cc9HqS8BiPQQ/p1Hm/gR+ADiKeqenUdTe91N+J3DsDMQXrkSI/jm
         mEmu135pLJk+pKD8eu/n3kdHwGQSflsqlmGydomrINgCRQTt/NUJbsN6DKK5f/J2u09f
         LfElXLYqSbMXo2F95UEHtWZTSJ43zheBeYIvHvC0eIx/joHh+ExkmFziw8wWJPbhYnsI
         fMgNPaJK8TaHpVohoRKHHcblOw7k1dtOosp7uz9/uPTX/gEVIETSZukRKIlzp30YqkdP
         IP8+jMLWasVpE1PWaqEA3EWwpdqqzN4BlQ/EyG6ieTW3SJfiItUIbtc/nIYH6NQkjYJM
         gRgA==
X-Gm-Message-State: AMCzsaXpJnSbU6y7/yiYdI10AKe5jiHenfP7rWxjWKTwAtIpmfz5eVlS
	tCHJy8kd78BoIlADG44XkBW5om2bsadZ399hY16XknxroTQ=
X-Google-Smtp-Source: ABhQp+QAQRepuDNTaJ/oqhxPG/TzE75JR7stynKUSpRjQqDM2dvkfeNguq9vuYNIamnTidhYVM2eL4+CGYrXIHzmGTQ=
X-Received: by 10.159.47.25 with SMTP id x25mr1026757uaj.46.1508874109287;
 Tue, 24 Oct 2017 12:41:49 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.159.63.134 with HTTP; Tue, 24 Oct 2017 12:41:28 -0700 (PDT)
In-Reply-To: <CA+hOsvAhQJJpw7CoqyH0eWYsaJZ-KTgFmBL+1XVsmha-vd4RDQ@mail.gmail.com>
References: <CALQ8dW52CfwRM+nouuJSZOkaRBEgtRov_vw26Q-+QyRwoM6Wcg@mail.gmail.com>
 <CADY20s5zQvdZb8WOctkaQfn1wn7f3_VP8q6VZrHYV+O+rd-Nfg@mail.gmail.com>
 <CALQ8dW6XtPNs0Ms0N+TCJWCLp+Xi2_q2KhpsfRL=1dFE3Sm9Nw@mail.gmail.com>
 <CADY20s4kQDaYfHd4s23mCeBrM9VFuZUDOQzPy9uD3HX3Wg5UbQ@mail.gmail.com> <CA+hOsvAhQJJpw7CoqyH0eWYsaJZ-KTgFmBL+1XVsmha-vd4RDQ@mail.gmail.com>
From: Todd Lipcon <todd@cloudera.com>
Date: Tue, 24 Oct 2017 12:41:28 -0700
Message-ID: <CADY20s4RTF2y9jeg36ZX=K4Pn9+t7cMwbyymZc0xZ-z1460Syg@mail.gmail.com>
Subject: Re: kudu 1.4 kerberos
To: user@kudu.apache.org
Content-Type: multipart/alternative; boundary="089e08250af84bb1e2055c50216b"
archived-at: Tue, 24 Oct 2017 19:41:56 -0000

--089e08250af84bb1e2055c50216b
Content-Type: text/plain; charset="UTF-8"

I've filed https://issues.apache.org/jira/browse/KUDU-2198 to provide a
workaround for systems like this. I should have a patch up shortly since
it's relatively simple.

-Todd

On Tue, Oct 17, 2017 at 7:00 PM, Brock Noland <brock@phdata.io> wrote:

> Just one clarification below...
>
> > On Mon, Oct 16, 2017 at 2:29 PM, Matteo Durighetto <
> m.durighetto@miriade.it> wrote:
> > the "abcdefgh1234" it's an example of the the string created by the
> cloudera manager during the enable kerberos.
>
> ...
>
> On Mon, Oct 16, 2017 at 11:57 PM, Todd Lipcon <todd@cloudera.com> wrote:
> > Interesting. What is the sAMAccountName in this case? Wouldn't all of
> the 'kudu' have the same account name?
>
> CM generates some random names for cn and sAMAccountName. Below is an
> example created by CM.
>
> dn: CN=uQAtUOSwrA,OU=valhalla-kerberos,OU=Hadoop,DC=phdata,DC=io
> cn: uQAtUOSwrA
> sAMAccountName: uQAtUOSwrA
> userPrincipalName: kudu/worker5.valhalla.phdata.io@PHDATA.IO
> servicePrincipalName: kudu/worker5.valhalla.phdata.io
>



-- 
Todd Lipcon
Software Engineer, Cloudera

--089e08250af84bb1e2055c50216b
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">I&#39;ve filed=C2=A0<a href=3D"https://issues.apache.org/j=
ira/browse/KUDU-2198">https://issues.apache.org/jira/browse/KUDU-2198</a> t=
o provide a workaround for systems like this. I should have a patch up shor=
tly since it&#39;s relatively simple.<div><br></div><div>-Todd</div></div><=
div class=3D"gmail_extra"><br><div class=3D"gmail_quote">On Tue, Oct 17, 20=
17 at 7:00 PM, Brock Noland <span dir=3D"ltr">&lt;<a href=3D"mailto:brock@p=
hdata.io" target=3D"_blank">brock@phdata.io</a>&gt;</span> wrote:<br><block=
quote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc=
 solid;padding-left:1ex">Just one clarification below...<br>
<span class=3D""><br>
&gt; On Mon, Oct 16, 2017 at 2:29 PM, Matteo Durighetto &lt;<a href=3D"mail=
to:m.durighetto@miriade.it">m.durighetto@miriade.it</a>&gt; wrote:<br>
</span><span class=3D"">&gt; the &quot;abcdefgh1234&quot; it&#39;s an examp=
le of the the string created by the cloudera manager during the enable kerb=
eros.<br>
<br>
</span>...<br>
<span class=3D""><br>
On Mon, Oct 16, 2017 at 11:57 PM, Todd Lipcon &lt;<a href=3D"mailto:todd@cl=
oudera.com">todd@cloudera.com</a>&gt; wrote:<br>
&gt; Interesting. What is the sAMAccountName in this case? Wouldn&#39;t all=
 of the &#39;kudu&#39; have the same account name?<br>
<br>
</span>CM generates some random names for cn and sAMAccountName. Below is a=
n<br>
example created by CM.<br>
<br>
dn: CN=3DuQAtUOSwrA,OU=3Dvalhalla-<wbr>kerberos,OU=3DHadoop,DC=3Dphdata,<wb=
r>DC=3Dio<br>
cn: uQAtUOSwrA<br>
sAMAccountName: uQAtUOSwrA<br>
userPrincipalName: kudu/<a href=3D"mailto:worker5.valhalla.phdata.io@PHDATA=
.IO">worker5.valhalla.phdata.<wbr>io@PHDATA.IO</a><br>
servicePrincipalName: kudu/<a href=3D"http://worker5.valhalla.phdata.io" re=
l=3D"noreferrer" target=3D"_blank">worker5.valhalla.phdata.<wbr>io</a><br>
</blockquote></div><br><br clear=3D"all"><div><br></div>-- <br><div class=
=3D"gmail_signature" data-smartmail=3D"gmail_signature">Todd Lipcon<br>Soft=
ware Engineer, Cloudera</div>
</div>

--089e08250af84bb1e2055c50216b--