Return-Path: X-Original-To: apmail-hadoop-hdfs-issues-archive@minotaur.apache.org Delivered-To: apmail-hadoop-hdfs-issues-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 741139B59 for ; Wed, 18 Jul 2012 17:13:35 +0000 (UTC) Received: (qmail 32002 invoked by uid 500); 18 Jul 2012 17:13:35 -0000 Delivered-To: apmail-hadoop-hdfs-issues-archive@hadoop.apache.org Received: (qmail 31960 invoked by uid 500); 18 Jul 2012 17:13:35 -0000 Mailing-List: contact hdfs-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: hdfs-issues@hadoop.apache.org Delivered-To: mailing list hdfs-issues@hadoop.apache.org Received: (qmail 31950 invoked by uid 99); 18 Jul 2012 17:13:35 -0000 Received: from issues-vm.apache.org (HELO issues-vm) (140.211.11.160) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 18 Jul 2012 17:13:35 +0000 Received: from isssues-vm.apache.org (localhost [127.0.0.1]) by issues-vm (Postfix) with ESMTP id E3B0F1427F2 for ; Wed, 18 Jul 2012 17:13:34 +0000 (UTC) Date: Wed, 18 Jul 2012 17:13:34 +0000 (UTC) From: "Aaron T. Myers (JIRA)" To: hdfs-issues@hadoop.apache.org Message-ID: <825390177.69922.1342631614937.JavaMail.jiratomcat@issues-vm> In-Reply-To: <649383873.29392.1322707060120.JavaMail.tomcat@hel.zones.apache.org> Subject: [jira] [Commented] (HDFS-2617) Replaced Kerberized SSL for image transfer and fsck with SPNEGO-based solution MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HDFS-2617?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13417261#comment-13417261 ] Aaron T. Myers commented on HDFS-2617: -------------------------------------- bq. If we have the config knob, it has to be something way more obvious that you are basically turning off security. What makes you say we're "basically turning off security"? The config knob as-implemented is switching between using KSSL or SPNEGO for HTTP auth, not disabling HTTP auth entirely. > Replaced Kerberized SSL for image transfer and fsck with SPNEGO-based solution > ------------------------------------------------------------------------------ > > Key: HDFS-2617 > URL: https://issues.apache.org/jira/browse/HDFS-2617 > Project: Hadoop HDFS > Issue Type: Improvement > Components: security > Reporter: Jakob Homan > Assignee: Jakob Homan > Fix For: 2.1.0-alpha > > Attachments: HDFS-2617-a.patch, HDFS-2617-b.patch, HDFS-2617-branch-1.patch, HDFS-2617-config.patch, HDFS-2617-trunk.patch, HDFS-2617-trunk.patch, HDFS-2617-trunk.patch, HDFS-2617-trunk.patch, hdfs-2617-1.1.patch > > > The current approach to secure and authenticate nn web services is based on Kerberized SSL and was developed when a SPNEGO solution wasn't available. Now that we have one, we can get rid of the non-standard KSSL and use SPNEGO throughout. This will simplify setup and configuration. Also, Kerberized SSL is a non-standard approach with its own quirks and dark corners (HDFS-2386). -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira