hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aaron T. Myers (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-2617) Replaced Kerberized SSL for image transfer and fsck with SPNEGO-based solution
Date Wed, 21 Dec 2011 06:41:31 GMT

    [ https://issues.apache.org/jira/browse/HDFS-2617?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13173909#comment-13173909
] 

Aaron T. Myers commented on HDFS-2617:
--------------------------------------

bq. The next question is - how to deprecate the kerbssl. It'll be quite annoying to have to
support both for a couple releases.

I realize this isn't ideal, but I'm in favor of just ripping out kssl in an incompatible way.
I think it's reasonable to expect that the NN and 2NN be upgraded in lockstep. Though it's
obviously undesirable to have to match client version to server version just to run fsck,
I'm of the opinion that that's an acceptable tradeoff versus the pain of having to support
both kssl and something else for a few releases.
                
> Replaced Kerberized SSL for image transfer and fsck with SPNEGO-based solution
> ------------------------------------------------------------------------------
>
>                 Key: HDFS-2617
>                 URL: https://issues.apache.org/jira/browse/HDFS-2617
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>            Reporter: Jakob Homan
>            Assignee: Jakob Homan
>
> The current approach to secure and authenticate nn web services is based on Kerberized
SSL and was developed when a SPNEGO solution wasn't available. Now that we have one, we can
get rid of the non-standard KSSL and use SPNEGO throughout.  This will simplify setup and
configuration.  Also, Kerberized SSL is a non-standard approach with its own quirks and dark
corners (HDFS-2386).

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message