  1. Sentry
  2. SENTRY-660

Support client principal and keytab configuration properties for Sentry HA to work with secure zookeeper

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.5.0
    • Fix Version/s: 1.5.0
    • Component/s: None
    • Labels:
      None

      Description

      Currently Sentry HAContext tries to use the principal and keytab from the sentry.service.server.principal and sentry.service.server.keytab properties. These are set in the Sentry service but not in clients, especially the server keytab. This causes problems for Sentry clients working with Sentry HA using secure ZK.
      The typical Sentry clients are downstream services like Hive and Impala, which have their own principals and keytabs. We should support additional config properties for the Sentry client to specify its principal and keytab for use with secure ZK.
      Note that unlike the Sentry thrift client, we can reuse the UGI to wrap the connection calls to reuse the login context created in Hive or Impala.

        Attachments

        1. SENTRY-660.2.patch
          11 kB
          Prasad Suresh Mujumdar
        2. SENTRY-660.1.patch
          11 kB
          Prasad Suresh Mujumdar

              People

              • Assignee:
                prasadm Prasad Suresh Mujumdar
                Reporter:
                prasadm Prasad Suresh Mujumdar