hadoop-hdfs-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Owen O'Malley (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (HDFS-3983) Hftp should support both SPNEGO and KSSL
Date Tue, 01 Oct 2013 15:12:26 GMT

     [ https://issues.apache.org/jira/browse/HDFS-3983?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Owen O'Malley resolved HDFS-3983.

          Resolution: Won't Fix
    Target Version/s:   (was: )

KSSL is deprecated and should never be used for secure deployments.

> Hftp should support both SPNEGO and KSSL
> ----------------------------------------
>                 Key: HDFS-3983
>                 URL: https://issues.apache.org/jira/browse/HDFS-3983
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.0.0-alpha
>            Reporter: Eli Collins
>            Assignee: Eli Collins
>            Priority: Blocker
>         Attachments: hdfs-3983.txt, hdfs-3983.txt
> Hftp currently doesn't work against a secure cluster unless you configure {{dfs.https.port}}
to be the http port, otherwise the client can't fetch tokens:
> {noformat}
> $ hadoop fs -ls hftp://c1225.hal.cloudera.com:50070/
> 12/09/26 18:02:00 INFO fs.FileSystem: Couldn't get a delegation token from http://c1225.hal.cloudera.com:50470
using http.
> ls: Security enabled but user not authenticated by filter
> {noformat}
> This is due to Hftp still using the https port. Post HDFS-2617 it should use the regular
http port. Hsftp should still use the secure port, however now that we have HADOOP-8581 it's
worth considering removing Hsftp entirely. I'll start a separate thread about that.  

This message was sent by Atlassian JIRA

View raw message