[SENTRY-660] Support client principal and keytab configuration properties for Sentry HA to work with secure zookeeper - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.5.0
Fix Version/s: 1.5.0
Component/s: None
Labels:
None

Description

Currently Sentry HAContext tries to the principal and keytab sentry.service.server.principal and sentry.service.server.keytab properties. These are set in the Sentry service but not in clients, especially the server keytab. This causes problems for Sentry clients to work with Sentry HA using secure ZK.
The typical Sentry clients are downstream services like Hive and Impala which has their own principals and keytab. We should support additional config properties for Sentry client to specify their principal and keytab for Sentry client to use with secure ZK.
Note that unlike Sentry thrift client, we can reuse the UGI to wrap the connection calls to reuse the login contex created in Hive or Impala.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

SENTRY-660.1.patch
25/Feb/15 23:40
11 kB
Prasad Suresh Mujumdar
SENTRY-660.2.patch
26/Feb/15 09:42
11 kB
Prasad Suresh Mujumdar

Issue Links

links to

Review #31448

Activity

People

Assignee:: Prasad Suresh Mujumdar

Reporter:: Prasad Suresh Mujumdar

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 25/Feb/15 09:17

Updated:: 26/Feb/15 20:02

Resolved:: 26/Feb/15 20:02