hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andy Isaacson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-8855) SSL-based image transfer does not work when Kerberos is disabled
Date Wed, 26 Sep 2012 22:49:08 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13464261#comment-13464261
] 

Andy Isaacson commented on HADOOP-8855:
---------------------------------------

Further to the above, I've also verified that using the patched JAR, the 2NN is able to retrieve
the fsimage from the NN with config
{code}
    <name>hadoop.ssl.enabled</name>
    <value>true</value>
...
    <name>hadoop.security.authorization</name>
    <value>false</value>
...
    <name>hadoop.security.authentication</name>
    <value>simple</value>
{code}

Thanks for the fix, Todd.
                
> SSL-based image transfer does not work when Kerberos is disabled
> ----------------------------------------------------------------
>
>                 Key: HADOOP-8855
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8855
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 3.0.0, 2.0.2-alpha
>            Reporter: Todd Lipcon
>            Assignee: Todd Lipcon
>            Priority: Minor
>         Attachments: hadoop-8855.txt, hadoop-8855.txt, hadoop-8855.txt
>
>
> In SecurityUtil.openSecureHttpConnection, we first check {{UserGroupInformation.isSecurityEnabled()}}.
However, this only checks the kerberos config, which is independent of {{hadoop.ssl.enabled}}.
Instead, we should check {{HttpConfig.isSecure()}}.
> Credit to Wing Yew Poon for discovering this bug

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message