Uploaded image for project: 'IMPALA'
  1. IMPALA
  2. IMPALA-9430

Kerberos configs should be passed through to Kerberos libraries even if principal is not set

    XMLWordPrintableJSON

    Details

    • Epic Color:
      ghx-label-8

      Description

      InitKerberosEnv() configures native and JDK kerberos implementations based on command-line flags: https://github.com/apache/impala/blob/d1b42c836c3458a2ef3662c0b0b1fd8fbf8f2baf/be/src/rpc/authentication.cc#L866 . It only does this when --principal is set.

      It's possible that Impala can be set up to use kerberos to communicate with some external services, e.g. HMS or Hive, even if --principal is not set, since those clients read in config XML files that are independent of the Impala flags. This isn't a recommended configuration and requires a fair bit of expertise to get right, but I think it's very surprising that the configs don't get passed through in the case. The documentation doesn't mention this behaviour.

      The suggested change here is to apply the config changes independent of the value of --principal. It should be a noop if kerberos is not configured for any services.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                tarmstrong Tim Armstrong
                Reporter:
                tarmstrong Tim Armstrong
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: