hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andy Isaacson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-8855) SSL-based image transfer does not work when Kerberos is disabled
Date Wed, 26 Sep 2012 21:57:08 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-8855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13464217#comment-13464217
] 

Andy Isaacson commented on HADOOP-8855:
---------------------------------------

I tested Todd's patch on a cluster with various permutations of krb5 and SSL. With the patched
JAR, all of my tests passed.
- hadoop.security.authentication=kerberos hadoop.ssl.enabled=true: dfsadmin -fetchImage works.
- hadoop.security.authentication=simple hadoop.ssl.enabled=true: fetchImage works.
- hadoop.security.authentication=kerberos hadoop.ssl.enabled=false: fetchImage works.

I also duplicated Todd's observation that {{dfsadmin -fetchImage}} does not work on krb5 without
the doAs.
                
> SSL-based image transfer does not work when Kerberos is disabled
> ----------------------------------------------------------------
>
>                 Key: HADOOP-8855
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8855
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 3.0.0, 2.0.2-alpha
>            Reporter: Todd Lipcon
>            Assignee: Todd Lipcon
>            Priority: Minor
>         Attachments: hadoop-8855.txt, hadoop-8855.txt, hadoop-8855.txt
>
>
> In SecurityUtil.openSecureHttpConnection, we first check {{UserGroupInformation.isSecurityEnabled()}}.
However, this only checks the kerberos config, which is independent of {{hadoop.ssl.enabled}}.
Instead, we should check {{HttpConfig.isSecure()}}.
> Credit to Wing Yew Poon for discovering this bug

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message