hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jakob Homan (JIRA)" <j...@apache.org>
Subject [jira] Updated: (HDFS-1150) Verify datanodes' identities to clients in secure clusters
Date Thu, 03 Jun 2010 01:11:57 GMT

     [ https://issues.apache.org/jira/browse/HDFS-1150?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Jakob Homan updated HDFS-1150:
------------------------------

    Attachment: HDFS-1150-Y20-BetterJsvcHandling.patch

Updating patch, not for commit.  We found that manually building the jsvc binary did not work
well; there were problems if the build machine is of different architecture (we run 32 bit
JVMs for DNs/TTs).  New process is to download the file, either directly from Apache, or overridden
via the -Djsvc.location param.  This greatly simplifies the jsvc process.

Also for those interested, in our testing here at Y!, this solution has worked great for securing
the datanodes.  We've run into no problems with running the datanodes under jsvc.

> Verify datanodes' identities to clients in secure clusters
> ----------------------------------------------------------
>
>                 Key: HDFS-1150
>                 URL: https://issues.apache.org/jira/browse/HDFS-1150
>             Project: Hadoop HDFS
>          Issue Type: New Feature
>          Components: data-node
>    Affects Versions: 0.22.0
>            Reporter: Jakob Homan
>            Assignee: Jakob Homan
>         Attachments: commons-daemon-1.0.2-src.tar.gz, HDFS-1150-BF-Y20-LOG-DIRS-2.patch,
HDFS-1150-BF-Y20-LOG-DIRS.patch, HDFS-1150-BF1-Y20.patch, hdfs-1150-bugfix-1.1.patch, hdfs-1150-bugfix-1.2.patch,
hdfs-1150-bugfix-1.patch, HDFS-1150-Y20-BetterJsvcHandling.patch, HDFS-1150-y20.build-script.patch,
HDFS-1150-Y20S-ready-5.patch, HDFS-1150-Y20S-ready-6.patch, HDFS-1150-Y20S-ready-7.patch,
HDFS-1150-Y20S-ready-8.patch, HDFS-1150-Y20S-Rough-2.patch, HDFS-1150-Y20S-Rough-3.patch,
HDFS-1150-Y20S-Rough-4.patch, HDFS-1150-Y20S-Rough.txt
>
>
> Currently we use block access tokens to allow datanodes to verify clients' identities,
however we don't have a way for clients to verify the authenticity of the datanodes themselves.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message