hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Allen Wittenauer (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-1150) Verify datanodes' identities to clients in secure clusters
Date Thu, 31 Mar 2011 23:06:05 GMT

    [ https://issues.apache.org/jira/browse/HDFS-1150?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13014267#comment-13014267
] 

Allen Wittenauer commented on HDFS-1150:
----------------------------------------

I don't see why it is Jakob's responsibility to answer my Windows compatibility question.


Let's face it: the probability that the secure Hadoop code functions on Windows is low.  We
all sort of agreed that the security features would fall into that bucket of stuff where we
(right or wrong) allow for non-portability.

But let me clarify my point, since I think you missed it:  If one can't run a Hadoop secure
cluster on Windows, then the fact that Apache's default Windows distribution method for the
Windows binary being zip is irrelevant. The person doing the portability work for secure Hadoop
on Windows would likely need to either fix this code or (and much more likely, see privileges
on Solaris, Todd's capabilities work for RHEL, etc) use a different method to guarantee that
the DN starts on a privileged port.

On the issue of builds, we *already* require that users pass flags to determine whether they
want to build with 32-bit or 64-bit.  This isn't any different than any of those, realistically.
 Given the push to use packaging for the next release (in addition to a tarball), then the
appropriate binary will be in the appropriate package.  The tarball including any native code
was likely a mistake.  We should have really made a separate "overlay" tarball that would
be applied over the non-architecture specific one.

> Verify datanodes' identities to clients in secure clusters
> ----------------------------------------------------------
>
>                 Key: HDFS-1150
>                 URL: https://issues.apache.org/jira/browse/HDFS-1150
>             Project: Hadoop HDFS
>          Issue Type: New Feature
>          Components: data-node
>    Affects Versions: 0.22.0
>            Reporter: Jakob Homan
>            Assignee: Jakob Homan
>             Fix For: 0.22.0
>
>         Attachments: HDFS-1150-BF-Y20-LOG-DIRS-2.patch, HDFS-1150-BF-Y20-LOG-DIRS.patch,
HDFS-1150-BF1-Y20.patch, HDFS-1150-Y20-BetterJsvcHandling.patch, HDFS-1150-Y20S-Rough-2.patch,
HDFS-1150-Y20S-Rough-3.patch, HDFS-1150-Y20S-Rough-4.patch, HDFS-1150-Y20S-Rough.txt, HDFS-1150-Y20S-ready-5.patch,
HDFS-1150-Y20S-ready-6.patch, HDFS-1150-Y20S-ready-7.patch, HDFS-1150-Y20S-ready-8.patch,
HDFS-1150-trunk-2.patch, HDFS-1150-trunk-3.patch, HDFS-1150-trunk.patch, HDFS-1150-y20.build-script.patch,
RequireSecurePorts.patch, commons-daemon-1.0.2-src.tar.gz, hdfs-1150-bugfix-1.1.patch, hdfs-1150-bugfix-1.2.patch,
hdfs-1150-bugfix-1.patch
>
>
> Currently we use block access tokens to allow datanodes to verify clients' identities,
however we don't have a way for clients to verify the authenticity of the datanodes themselves.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message