Return-Path: X-Original-To: apmail-hadoop-hdfs-issues-archive@minotaur.apache.org Delivered-To: apmail-hadoop-hdfs-issues-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 214EFDB6F for ; Fri, 20 Jul 2012 14:59:38 +0000 (UTC) Received: (qmail 24032 invoked by uid 500); 20 Jul 2012 14:59:37 -0000 Delivered-To: apmail-hadoop-hdfs-issues-archive@hadoop.apache.org Received: (qmail 23630 invoked by uid 500); 20 Jul 2012 14:59:37 -0000 Mailing-List: contact hdfs-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: hdfs-issues@hadoop.apache.org Delivered-To: mailing list hdfs-issues@hadoop.apache.org Received: (qmail 23173 invoked by uid 99); 20 Jul 2012 14:59:36 -0000 Received: from issues-vm.apache.org (HELO issues-vm) (140.211.11.160) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 20 Jul 2012 14:59:36 +0000 Received: from isssues-vm.apache.org (localhost [127.0.0.1]) by issues-vm (Postfix) with ESMTP id 4801D142850 for ; Fri, 20 Jul 2012 14:59:36 +0000 (UTC) Date: Fri, 20 Jul 2012 14:59:36 +0000 (UTC) From: "eric baldeschwieler (JIRA)" To: hdfs-issues@hadoop.apache.org Message-ID: <1263462269.82029.1342796376298.JavaMail.jiratomcat@issues-vm> In-Reply-To: <649383873.29392.1322707060120.JavaMail.tomcat@hel.zones.apache.org> Subject: [jira] [Commented] (HDFS-2617) Replaced Kerberized SSL for image transfer and fsck with SPNEGO-based solution MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HDFS-2617?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13419192#comment-13419192 ] eric baldeschwieler commented on HDFS-2617: ------------------------------------------- Let's talk the options through and make a proposal. > Replaced Kerberized SSL for image transfer and fsck with SPNEGO-based solution > ------------------------------------------------------------------------------ > > Key: HDFS-2617 > URL: https://issues.apache.org/jira/browse/HDFS-2617 > Project: Hadoop HDFS > Issue Type: Improvement > Components: security > Reporter: Jakob Homan > Assignee: Jakob Homan > Fix For: 1.2.0, 2.1.0-alpha > > Attachments: HDFS-2617-a.patch, HDFS-2617-b.patch, HDFS-2617-branch-1.patch, HDFS-2617-branch-1.patch, HDFS-2617-branch-1.patch, HDFS-2617-config.patch, HDFS-2617-trunk.patch, HDFS-2617-trunk.patch, HDFS-2617-trunk.patch, HDFS-2617-trunk.patch, hdfs-2617-1.1.patch > > > The current approach to secure and authenticate nn web services is based on Kerberized SSL and was developed when a SPNEGO solution wasn't available. Now that we have one, we can get rid of the non-standard KSSL and use SPNEGO throughout. This will simplify setup and configuration. Also, Kerberized SSL is a non-standard approach with its own quirks and dark corners (HDFS-2386). -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira