Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[#2711] feat(filesystem): Support Kerberos client authentication in gvfs #3340

Merged
merged 1 commit into from
May 11, 2024
Merged

[#2711] feat(filesystem): Support Kerberos client authentication in gvfs #3340

merged 1 commit into from
May 11, 2024

Conversation

jerryshao
Copy link
Contributor

What changes were proposed in this pull request?

Support using Kerberos authentication type to initialize Gravitino client in gvfs.

Why are the changes needed?

Fix: #2711

How was this patch tested?

Add some uts for:

  1. use principal and keytab to auth.
  2. kerberos configs for gvfs.
  3. some invalid kerberos case.

Test locally and use kerberos ticket cache to initialize gvfs. The steps are as follows:

  1. Deploy the KDC server locally, refer to the doc: https://blog.csdn.net/lo085213/article/details/105057186.
  2. Register the service account HTTP/localhost@HADOOP.COM and client account client@HADOOP.COM in the KDC server.
  3. Execute the kinit -kt client.keytab client@HADOOP.COM command locally.
  4. Use the klist command to check the environment for tickets containing client@HADOOP.COM.
  5. Write a unit test to load metalake through gvfs with the kerberos ticket cache.
    image
    image
    image

@xloya @web-flow
[#2711] feat(filesystem): Support Kerberos client authentication in g…
3e4c1bb 
…vfs (#3314)

### What changes were proposed in this pull request?

Support using Kerberos authentication type to initialize Gravitino
client in gvfs.

### Why are the changes needed?

Fix: #2711 

### How was this patch tested?

Add some uts for: 
1. use principal and keytab to auth.
2. kerberos configs for gvfs.
3. some invalid kerberos case.

Test locally and use `kerberos ticket cache` to initialize gvfs. The
steps are as follows:
1. Deploy the KDC server locally, refer to the doc:
https://blog.csdn.net/lo085213/article/details/105057186.
2. Register the service account `HTTP/localhost@HADOOP.COM` and client
account `client@HADOOP.COM` in the KDC server.
3. Execute the `kinit -kt client.keytab client@HADOOP.COM` command
locally.
4. Use the `klist` command to check the environment for tickets
containing `client@HADOOP.COM`.
5. Write a unit test to load metalake through gvfs with the kerberos
ticket cache.

![image](https://github.com/datastrato/gravitino/assets/26177232/f655e687-8412-4000-bb07-bd9ccadd8387)

![image](https://github.com/datastrato/gravitino/assets/26177232/a3d36646-37ad-44b9-8cca-129a18196663)

![image](https://github.com/datastrato/gravitino/assets/26177232/df7504a2-046d-45fa-9da3-7b681ebfd7e1)

---------

Co-authored-by: xiaojiebao <xiaojiebao@xiaomi.com>
@qqqttt123 qqqttt123 merged commit 636a43e into branch-0.5 May 11, 2024
22 checks passed
@qqqttt123 qqqttt123 deleted the cherry-pick-branch-0.5-77144d76945fa06bc4d01542c1c0193f373d21e3 branch May 11, 2024 12:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@qqqttt123 qqqttt123 qqqttt123 approved these changes

Assignees
No one assigned
Labels
cherry-pick
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jerryshao @qqqttt123 @xloya