Goodnight, sweet non-blocking prince. We didn't support, or test, this
configuration, and it doesn't work with security or sessions and brings
in some annoying dependencies that are a pain to build.
We have other RPC-stack options to investigate; we may wind up re-adding
the non-blocking server but only in a way that supports all required
features more regularly.

Change-Id: Ifbcabc5014441f6d31c342c4e288dd7fc6201443

This patch reworks our Kerberos authentication layer to support multiple
authentication protocols, particularly PLAIN/SASL to support external
LDAP authentication.
There is now a system-wide AuthManager object, initialised by InitAuth()
which occurs during the usual InitCommonRuntime() setup. The AuthManager
is responsible for supplying AuthProvider objects to ThriftServers and
ThriftClients. The AuthProvider in turn generates Thrift transport
objects which are usually SASL-enabled, and which either employ GSSAPI
or PLAIN mechanisms.
In miscellaneous changes:
* Cyrus SASL now builds both with LDAP and the dummy '--enable-true'
external authentication mechanisms enabled.
* To test PLAIN/SASL authentication, you must now include
$IMPALA_HOME/thirdparty/${IMPALA_CYRUS_SASL_VERSION}/build/lib/sasl2 in
FLAGS_sasl_path.
* The shell now has an option to authenticate using LDAP, and will
prompt for a password at startup before doing so.
* Since the authentication code is almost entirely Thrift-specific, it
has been moved to the rpc lib.

Change-Id: I771de50f05630efdf1606ab9f0f48146ad54595e
Reviewed-on: http://gerrit.ent.cloudera.com:8080/716
Tested-by: jenkins
Reviewed-by: Henry Robinson <henry@cloudera.com>

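The PLAIN/SASL-to-LDAP path described in the commit above, as an added example that is not Impala's code: a C++ sketch of validating a SASL PLAIN initial response (RFC 4616) before its credentials reach an LDAP simple bind. `PlainCredentials`, `ParsePlainResponse` and the size limit are hypothetical names and values chosen for illustration.

```cpp
// Added example, not Impala code; all names and limits are hypothetical.
#include <cstddef>
#include <iostream>
#include <string>

struct PlainCredentials {
  std::string authzid;  // optional authorization identity, may be empty
  std::string authcid;  // authentication identity (the login name)
  std::string passwd;
};

// Assumed defensive bound on the whole message; not a value from the page.
const std::size_t kMaxPlainMessage = 1024;

// Parses a SASL PLAIN message (RFC 4616): [authzid] NUL authcid NUL passwd.
// Returns false when the message is malformed or unsafe to pass to LDAP.
bool ParsePlainResponse(const std::string& msg, PlainCredentials* out) {
  if (msg.size() > kMaxPlainMessage) return false;
  const std::size_t first = msg.find('\0');
  if (first == std::string::npos) return false;
  const std::size_t second = msg.find('\0', first + 1);
  if (second == std::string::npos) return false;
  // Exactly two separators: a third NUL would sit inside passwd.
  if (msg.find('\0', second + 1) != std::string::npos) return false;

  PlainCredentials c;
  c.authzid = msg.substr(0, first);
  c.authcid = msg.substr(first + 1, second - first - 1);
  c.passwd = msg.substr(second + 1);
  if (c.authcid.empty()) return false;
  // An LDAP simple bind with a name but an empty password is an
  // "unauthenticated bind" (RFC 4513, section 5.1.2) that a server may
  // report as success, so reject it before any bind is attempted.
  if (c.passwd.empty()) return false;
  *out = c;
  return true;
}

int main() {
  // Constructed sample message: empty authzid, user "alice", a password.
  const std::string msg("\0alice\0secret", 13);
  PlainCredentials creds;
  std::cout << (ParsePlainResponse(msg, &creds) ? creds.authcid : "rejected")
            << "\n";
  return 0;
}
```

PLAIN carries the password unprotected inside the SASL exchange, so this check only makes sense on a transport that is already encrypted.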
We've had at least one case of Sasl failing to build during
Saslauthd. We don't use that component, so it's fine to disable it
rather than figure out the actual issue.

Change-Id: I1e16063970806823f7fe3b40a1b0e74a32c4b57f
Reviewed-on: http://gerrit.ent.cloudera.com:8080/736
Reviewed-by: Henry Robinson <henry@cloudera.com>
Tested-by: Henry Robinson <henry@cloudera.com>

Now you can write:

    ./build_thirdparty -sasl -gflags

or similar to build individual thirdparty libraries, which is handy if
you're upgrading a single library or changing its build flags.

The behaviour with no command-line flags is the same as before this
patch, except that the 'git clean' is called only from the individual
library directories, rather than /thirdparty as before; this avoids
blowing away unchecked-in directories while still removing build
artefacts as intended.

Change-Id: Iaafb6f6e42b0173c11eec3b08c8dea895dcd9199
Reviewed-on: http://gerrit.ent.cloudera.com:8080/725
Reviewed-by: Lenni Kuff <lskuff@cloudera.com>
Tested-by: jenkins