Return-Path: X-Original-To: apmail-hadoop-hdfs-issues-archive@minotaur.apache.org Delivered-To: apmail-hadoop-hdfs-issues-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 760E79B3E for ; Wed, 28 Mar 2012 01:55:46 +0000 (UTC) Received: (qmail 52573 invoked by uid 500); 28 Mar 2012 01:55:46 -0000 Delivered-To: apmail-hadoop-hdfs-issues-archive@hadoop.apache.org Received: (qmail 52520 invoked by uid 500); 28 Mar 2012 01:55:46 -0000 Mailing-List: contact hdfs-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: hdfs-issues@hadoop.apache.org Delivered-To: mailing list hdfs-issues@hadoop.apache.org Received: (qmail 52508 invoked by uid 99); 28 Mar 2012 01:55:46 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 28 Mar 2012 01:55:46 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED,T_RP_MATCHES_RCVD X-Spam-Check-By: apache.org Received: from [140.211.11.116] (HELO hel.zones.apache.org) (140.211.11.116) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 28 Mar 2012 01:55:43 +0000 Received: from hel.zones.apache.org (hel.zones.apache.org [140.211.11.116]) by hel.zones.apache.org (Postfix) with ESMTP id 0619F3492DE for ; Wed, 28 Mar 2012 01:55:23 +0000 (UTC) Date: Wed, 28 Mar 2012 01:55:23 +0000 (UTC) From: "Jakob Homan (Commented) (JIRA)" To: hdfs-issues@hadoop.apache.org Message-ID: <1501676632.26558.1332899723026.JavaMail.tomcat@hel.zones.apache.org> In-Reply-To: <649383873.29392.1322707060120.JavaMail.tomcat@hel.zones.apache.org> Subject: [jira] [Commented] (HDFS-2617) Replaced Kerberized SSL for image transfer and fsck with SPNEGO-based solution MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HDFS-2617?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13240104#comment-13240104 ] Jakob Homan commented on HDFS-2617: ----------------------------------- bq. In the meantime can you answer Alejandro's question wrt we we need to keep the SSL HTTP configuration? We don't. As described in the comments above, the posted patch is what we've deployed here, not the final version to be committed. Removing SSL is a fine thing to do, when I finish the main patch. > Replaced Kerberized SSL for image transfer and fsck with SPNEGO-based solution > ------------------------------------------------------------------------------ > > Key: HDFS-2617 > URL: https://issues.apache.org/jira/browse/HDFS-2617 > Project: Hadoop HDFS > Issue Type: Improvement > Reporter: Jakob Homan > Assignee: Jakob Homan > Attachments: HDFS-2617-a.patch > > > The current approach to secure and authenticate nn web services is based on Kerberized SSL and was developed when a SPNEGO solution wasn't available. Now that we have one, we can get rid of the non-standard KSSL and use SPNEGO throughout. This will simplify setup and configuration. Also, Kerberized SSL is a non-standard approach with its own quirks and dark corners (HDFS-2386). -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira