[SENTRY-1052] Sentry shell should use kerberos requestor and give better error messages for kerberos failures - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.7.0
Fix Version/s: 1.7.0
Component/s: Service
Labels:
None

Description

Currently, the sentry shell uses the java "user.name" which gives some unexpected behavior if the user is logged in via kerberos (i.e. you get error messages about your OS user when connecting to a secure sentry service).

In addition, the error messages around this are sometimes missing. For example, for a GSS initiate failure, which happens if there is kerberos ticket, you get no error message returned because the top-level exception has no error message. We should follow the exception causes until we find something reasonable to print.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

SENTRY-1052.patch
05/Feb/16 08:36
5 kB
Gregory Chanan

Issue Links

links to

Review Request

Activity

People

Assignee:: Gregory Chanan

Reporter:: Gregory Chanan

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 05/Feb/16 00:30

Updated:: 22/Feb/16 21:17

Resolved:: 22/Feb/16 21:17