Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
1.5.0
-
None
-
None
Description
Currently Sentry HAContext tries to the principal and keytab sentry.service.server.principal and sentry.service.server.keytab properties. These are set in the Sentry service but not in clients, especially the server keytab. This causes problems for Sentry clients to work with Sentry HA using secure ZK.
The typical Sentry clients are downstream services like Hive and Impala which has their own principals and keytab. We should support additional config properties for Sentry client to specify their principal and keytab for Sentry client to use with secure ZK.
Note that unlike Sentry thrift client, we can reuse the UGI to wrap the connection calls to reuse the login contex created in Hive or Impala.
Attachments
Attachments
Issue Links
- links to