hadoop-common-issues mailing list archives

From "Steve Loughran (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-12911) Upgrade Hadoop MiniKDC with Kerby
Date Tue, 29 Mar 2016 10:47:25 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-12911?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15215827#comment-15215827 ]

Steve Loughran commented on HADOOP-12911:
-----------------------------------------

I really like this code; I like how much simpler the POMs and the internals are getting. We
will need people who understand Kerberos to review it though; I don't count myself as one.

h2. MiniKdc.java

1. This could be a good time to make MiniKDC a subclass of AbstractService, though it may
(will?) break external users. Perhaps we could have a MiniKDC service, which the existing
MiniKDC code instantiated on its existing lifecycle.



2. If not done already, can the miniconf prefer TCP over UDP? It fails faster.


3. Why does /MiniKdc reset "sun.security.krb5.debug"? If set, I'd like it to stay that way.
You could use its current value as the default when reading the configuration.

4. 

{code}
InputStream is = getResourceAsStream("minikdc-krb5.conf");
{code}
Add a {{Preconditions}} check that this isn't null.

5. Need a check after {{transport = conf.getProperty(TRANSPORT);}} for a null value?

6. Teardown. Again, I'd like the JVM properties to be left unaltered. At the very least: remember
their originals. KDiag manipulates these in its own production code.

In {{TestClientRMTokens.java}} the realm is changed. Does that make the comment on line 122
incorrect?


> Upgrade Hadoop MiniKDC with Kerby
> ---------------------------------
>
>                 Key: HADOOP-12911
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12911
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: test
>            Reporter: Jiajia Li
>            Assignee: Jiajia Li
>         Attachments: HADOOP-12911-v1.patch, HADOOP-12911-v2.patch, HADOOP-12911-v3.patch, HADOOP-12911-v4.patch
>
>
> As discussed in the mailing list, we’d like to introduce Apache Kerby into Hadoop. Initially it’s good to start with upgrading Hadoop MiniKDC with Kerby offerings. Apache Kerby (https://github.com/apache/directory-kerby), as an Apache Directory sub project, is a Java Kerberos binding. It provides a SimpleKDC server that borrowed ideas from MiniKDC and implemented all the facilities existing in MiniKDC. Currently MiniKDC depends on the old Kerberos implementation in the Directory Server project, but that implementation is no longer being maintained. The Directory community has a plan to replace the implementation using Kerby. MiniKDC can use Kerby SimpleKDC directly to avoid depending on the full Directory project. Kerby also provides nice identity backends such as the lightweight memory based one and the very simple json one for easy development and test environments.



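Review points 3 and 6 above ask that MiniKdc respect an already-set "sun.security.krb5.debug" and leave JVM properties as it found them on teardown. One way to do that, as an added example that is not code from the patch or from Hadoop: `ScopedSystemProperties` is a hypothetical helper, and the krb5.conf path is a constructed sample value.

```java
import java.util.LinkedHashMap;
import java.util.Map;

/** Hypothetical helper: sets JVM properties for a test KDC and restores the originals on close. */
public final class ScopedSystemProperties implements AutoCloseable {
  // Original value per key; a null value means the property was unset before we touched it.
  private final Map<String, String> originals = new LinkedHashMap<>();

  /** Sets key=value, remembering the value it replaces (only the first write is recorded). */
  public ScopedSystemProperties set(String key, String value) {
    if (!originals.containsKey(key)) {
      originals.put(key, System.getProperty(key));
    }
    System.setProperty(key, value);
    return this;
  }

  /** Applies a fallback only when the property is unset, so an existing debug flag survives. */
  public ScopedSystemProperties setIfAbsent(String key, String fallback) {
    return System.getProperty(key) == null ? set(key, fallback) : this;
  }

  /** Teardown: put every touched property back, clearing those that did not exist before. */
  @Override
  public void close() {
    for (Map.Entry<String, String> e : originals.entrySet()) {
      if (e.getValue() == null) {
        System.clearProperty(e.getKey());
      } else {
        System.setProperty(e.getKey(), e.getValue());
      }
    }
    originals.clear();
  }

  public static void main(String[] args) {
    // Simulates a developer who enabled Kerberos debugging before the test KDC started.
    System.setProperty("sun.security.krb5.debug", "true");
    try (ScopedSystemProperties props = new ScopedSystemProperties()) {
      props.setIfAbsent("sun.security.krb5.debug", "false")
           .set("java.security.krb5.conf", "/tmp/constructed/krb5.conf"); // constructed path
      System.out.println("conf during: " + System.getProperty("java.security.krb5.conf"));
    }
    System.out.println("debug after: " + System.getProperty("sun.security.krb5.debug"));
    System.out.println("conf after:  " + System.getProperty("java.security.krb5.conf"));
  }
}
```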