hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Arun Suresh (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HADOOP-11017) KMS delegation token secret manager should be able to use zookeeper as store
Date Sat, 20 Sep 2014 05:25:34 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-11017?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Arun Suresh updated HADOOP-11017:
---------------------------------
    Attachment: HADOOP-11017.8.patch

Updating patch, thanks for the multiple reviews [~tucu00]

bq. The if {{authType.equals("sasl")}} has an {{else}} block, it should have an else if {{authType.equals("none")}}
block and the final else should throw an exception.
[~tucu00], I had put a {{Precondition.checkArgument()}} prior to the if black to check if
{{authType}} is either "none" or "sasl"... guess you might have missed it.. I was thinking
that should take care of it.

bq.  keep insisting that the following conf setup is not need it. Please check using KMS to
verify. Also, in case they are needed, they are wrong, the set property is always UPDATE_INTERVAL
Agreed [~tucu00].. It should not be there..
But the reason I had kept it there is that, prior to this patch, the {{configPrefix}} variable
in the section of the code you quoted was actually not the same prefix that is stripped by
the {{KMSAuthenticationFIlter}}.. it is actually the {{AuthenticationHandler}} type. On further
going thru the code.. it looks like there is no actual need for you don't need to do another
prefix stripping (Since you probably wont have multiple DelegationTokenHandlers configured
at the same time i guess).. Anyway, I have removed it.. doesn't seem to be breaking anything..

> KMS delegation token secret manager should be able to use zookeeper as store
> ----------------------------------------------------------------------------
>
>                 Key: HADOOP-11017
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11017
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 2.6.0
>            Reporter: Alejandro Abdelnur
>            Assignee: Arun Suresh
>         Attachments: HADOOP-11017.1.patch, HADOOP-11017.2.patch, HADOOP-11017.3.patch,
HADOOP-11017.4.patch, HADOOP-11017.5.patch, HADOOP-11017.6.patch, HADOOP-11017.7.patch, HADOOP-11017.8.patch,
HADOOP-11017.WIP.patch
>
>
> This will allow supporting multiple KMS instances behind a load balancer.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message