hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jitendra Nath Pandey (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
Date Thu, 18 Aug 2011 02:37:27 GMT

    [ https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13086752#comment-13086752
] 

Jitendra Nath Pandey commented on HDFS-2264:
--------------------------------------------

I missed to mention earlier that Checkpointer and BackupNode are also using this protocol.
Although, it is reasonable that SNN and Balancer should use different protocols but we should
not add different protocols for each of these. Protocol Acls solve this issue, and will allow
different principals for different clients talking NamenodeProtocol to the namenode.


> NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation
> -----------------------------------------------------------------------------------
>
>                 Key: HDFS-2264
>                 URL: https://issues.apache.org/jira/browse/HDFS-2264
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: name-node
>    Affects Versions: 0.23.0
>            Reporter: Aaron T. Myers
>            Assignee: Harsh J
>             Fix For: 0.23.0
>
>         Attachments: HDFS-2264.r1.diff
>
>
> The {{@KerberosInfo}} annotation specifies the expected server and client principals
for a given protocol in order to look up the correct principal name from the config. The {{NamenodeProtocol}}
has the wrong value for the client config key. This wasn't noticed because most setups actually
use the same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}), in which
the {{_HOST}} part gets replaced at run-time. This bug therefore only manifests itself on
secure setups which explicitly specify the NN and 2NN principals.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message