hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aaron T. Myers (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-3568) fuse_dfs: add support for security
Date Tue, 03 Jul 2012 23:02:34 GMT

    [ https://issues.apache.org/jira/browse/HDFS-3568?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13406149#comment-13406149
] 

Aaron T. Myers commented on HDFS-3568:
--------------------------------------

Thanks a lot for the patch, Colin. A few comments:

# I recommend refactoring the if/else if/else block that gets a UGI object, since it's repeated
in two places.
# It's not abundantly obvious what the purpose of the DynamicConfiguration class is. Please
add a class comment for it.
# Looks like you have a vestigial @param in the method comment for "fromKerberosTicketCache".
# I suggest you rename fromKerberosTicketCache to something like "getUGIFromTicketCache"
# I don't think there's any need to throw an exception if security is disabled when calling
fromKerberosTicketCache. The other methods in the class just return early or return default
values when security is disabled, e.g. reloginFromKeytab.
# I find checking for "{{!iter.hasNext()}}" a little goofy. How about just "{{loginPrincipals.isEmpty()}}"
?
# Are you positive that it's acceptable for all LoginContext objects to share the same reference
to a HadoopConfiguration object? Previous to this patch, each LoginContext would get it's
own new reference to a HadoopConfiguration object. (I don't know that it is definitely a problem,
I'm just not positive either way.)
# Instead of the error message "Unable to determine hadoop.security.authentication", I suggest
"Unable to determine the configured value for hadoop.security.authentication."
# Is there really no built-in function which already implements "jStrToCstr" ? (I don't know
that there is, I'm just surprised that there isn't.)
# I recommend you rename hdfsBuilderSetNameNode to hdfsBuilderSetNameNodeHostname.
# In hdfsConfGet, why do you return "EINTERNAL" in some cases and "-EINTERNAL" in others?
# Looks like there's an errant whitespace change in the function comment for hdfsConnectAsUser
in hdfs.h.
# "@param nn   The NameNode.  See hdfsBuilderSetNameNode for details." This isn't terribly
helpful, especially since there are no comments for hdfsBuilderSetNameNode. You should also
mention that this is expecting the NN *host* (either hostname or IP.)
                
> fuse_dfs: add support for security
> ----------------------------------
>
>                 Key: HDFS-3568
>                 URL: https://issues.apache.org/jira/browse/HDFS-3568
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>    Affects Versions: 1.0.0, 2.0.0-alpha
>            Reporter: Colin Patrick McCabe
>            Assignee: Colin Patrick McCabe
>             Fix For: 1.1.0, 2.0.1-alpha
>
>         Attachments: HDFS-3568.001.patch
>
>
> fuse_dfs should have support for Kerberos authentication.  This would allow FUSE to be
used in a secure cluster.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message