hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Allen Wittenauer (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HADOOP-7083) Allow SecureIO to be disabled for developer workstations
Date Mon, 07 Feb 2011 21:07:57 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-7083?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12991607#comment-12991607
] 

Allen Wittenauer commented on HADOOP-7083:
------------------------------------------

> Do you consider those to be bugs?

I'll have to look at the specifics of those two settings, but chances are, yes, they should
not have been committed if we want to take security seriously.  

If dfs.block.access.token.enable is the one that I think it is, it likely should have been
held off until we had a real solution (something commit-able) to run the datanode on a privileged
port rather then adding it as a "something we might use some day".  (Yes, I'm fully aware
that this hurts myself more than maybe anyone else, given that Solaris has supported privilege
delegation for quite some time now.)

> straw men

> If my goal is to learn about how a kerberized cluster behaves, I don't want all the 
> hardening (and associated inconvenience) that a company storing financial 
> information would want.

But you do want a realistic environment, including the setup pain. So that includes the ten
minutes to compile native code.

> Should we bring this to a discussion on the mailing lists rather than in these specific
bugs?

Feel free.

> Allow SecureIO to be disabled for developer workstations
> --------------------------------------------------------
>
>                 Key: HADOOP-7083
>                 URL: https://issues.apache.org/jira/browse/HADOOP-7083
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: native, security
>    Affects Versions: 0.22.0
>            Reporter: Todd Lipcon
>            Assignee: Alejandro Abdelnur
>         Attachments: hadoop-7083.txt
>
>
> In testing with secure Hadoop, the new requirement for native code is annoying on platforms
like OSX where the native code can be tricky to get compiled and working. We should allow
developers to disable this aspect of security by setting a special flag.

-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message