hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aaron T. Myers (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-2617) Replaced Kerberized SSL for image transfer and fsck with SPNEGO-based solution
Date Thu, 17 May 2012 19:30:09 GMT

    [ https://issues.apache.org/jira/browse/HDFS-2617?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13278138#comment-13278138
] 

Aaron T. Myers commented on HDFS-2617:
--------------------------------------

bq. Should this be marked resolved or are we leaving it open for commit to 1.1?

I'd like to put some version of this patch in 1.1, perhaps with a config option to continue
to use KSSL if one wants so we don't necessarily break deployments that are currently successfully
using KSSL.

Perhaps we should resolve this one and open a new JIRA along the lines of "Back-port HDFS-2617
to branch-1" ?
                
> Replaced Kerberized SSL for image transfer and fsck with SPNEGO-based solution
> ------------------------------------------------------------------------------
>
>                 Key: HDFS-2617
>                 URL: https://issues.apache.org/jira/browse/HDFS-2617
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>          Components: security
>            Reporter: Jakob Homan
>            Assignee: Jakob Homan
>             Fix For: 2.0.0
>
>         Attachments: HDFS-2617-a.patch, HDFS-2617-b.patch, HDFS-2617-config.patch, HDFS-2617-trunk.patch,
HDFS-2617-trunk.patch, HDFS-2617-trunk.patch, HDFS-2617-trunk.patch
>
>
> The current approach to secure and authenticate nn web services is based on Kerberized
SSL and was developed when a SPNEGO solution wasn't available. Now that we have one, we can
get rid of the non-standard KSSL and use SPNEGO throughout.  This will simplify setup and
configuration.  Also, Kerberized SSL is a non-standard approach with its own quirks and dark
corners (HDFS-2386).

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message