hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jiajia Li (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-12911) Upgrade Hadoop MiniKDC with Kerby
Date Wed, 30 Mar 2016 02:23:25 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-12911?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15217264#comment-15217264
] 

Jiajia Li commented on HADOOP-12911:
------------------------------------

Hi Steve, thanks for your review and comments.
1. It's a great idea to make MiniKDC the subclass of AbstractService.
2. I think the TCP is set as the defaut transport. line 179:
{code}
DEFAULT_CONFIG.setProperty(TRANSPORT, "TCP");
{code}
Did I get your point?
3. 
{code}
System.setProperty(SUN_SECURITY_KRB5_DEBUG, conf.getProperty(DEBUG, "false"));
{code}
The same as the the original MiniKDC, but I agree you point to use the current value as the
default.
4,5,6. Yes, I will update the patch.
Thanks again.


> Upgrade Hadoop MiniKDC with Kerby
> ---------------------------------
>
>                 Key: HADOOP-12911
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12911
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: test
>            Reporter: Jiajia Li
>            Assignee: Jiajia Li
>         Attachments: HADOOP-12911-v1.patch, HADOOP-12911-v2.patch, HADOOP-12911-v3.patch,
HADOOP-12911-v4.patch
>
>
> As discussed in the mailing list, we’d like to introduce Apache Kerby into Hadoop.
Initially it’s good to start with upgrading Hadoop MiniKDC with Kerby offerings. Apache
Kerby (https://github.com/apache/directory-kerby), as an Apache Directory sub project, is
a Java Kerberos binding. It provides a SimpleKDC server that borrowed ideas from MiniKDC and
implemented all the facilities existing in MiniKDC. Currently MiniKDC depends on the old Kerberos
implementation in Directory Server project, but the implementation is stopped being maintained.
Directory community has a plan to replace the implementation using Kerby. MiniKDC can use
Kerby SimpleKDC directly to avoid depending on the full of Directory project. Kerby also provides
nice identity backends such as the lightweight memory based one and the very simple json one
for easy development and test environments.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message