hadoop-hdfs-issues mailing list archives

From "Aaron T. Myers (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-3893) QJM: Make QJM work with security enabled
Date Thu, 06 Sep 2012 17:35:07 GMT

    [ https://issues.apache.org/jira/browse/HDFS-3893?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13449843#comment-13449843 ]

Aaron T. Myers commented on HDFS-3893:

bq. How does that interact with the new service-level ACL that you've added?

Unfortunately, the service-level ACL _has_ to be configured in order for this to work. The
first few lines in ServiceAuthorizationManager#authorize are:

AccessControlList acl = protocolToAcl.get(protocol);
if (acl == null) {
  throw new AuthorizationException("Protocol " + protocol +
                                   " is not known.");
}

After that, we get the info on the expected client principal from the protocol annotation:

KerberosInfo krbInfo = SecurityUtil.getKerberosInfo(protocol, conf);
String clientKey = krbInfo.clientPrincipal();
clientPrincipal = SecurityUtil.getServerPrincipal(conf.get(clientKey), addr);

Finally, we authorize the user by ensuring that the user matches the clientPrincipal if present
in the annotation _and_ that they're allowed by the ACL:

if((clientPrincipal != null && !clientPrincipal.equals(user.getUserName())) ||
    !acl.isUserAllowed(user)) {
  AUDITLOG.warn(AUTHZ_FAILED_FOR + user + " for protocol=" + protocol
      + ", expected client Kerberos principal is " + clientPrincipal);
  throw new AuthorizationException("User " + user +
      " is not authorized for protocol " + protocol +
      ", expected client Kerberos principal is " + clientPrincipal);
}

So, I think the code is good as-is, i.e. only super users can access this protocol interface.

> QJM: Make QJM work with security enabled
> ----------------------------------------
>                 Key: HDFS-3893
>                 URL: https://issues.apache.org/jira/browse/HDFS-3893
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>          Components: name-node, security
>    Affects Versions: QuorumJournalManager (HDFS-3077)
>            Reporter: Aaron T. Myers
>            Assignee: Aaron T. Myers
>         Attachments: HDFS-3893.patch, HDFS-3893.patch
> Currently the QJM does not work when security is enabled. The quorum cannot be formatted,
> the NN and SBN cannot communicate with the JNs, and JNs cannot synchronize edit logs with
> each other.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
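
The check order described in the comment above, as an added stand-alone example (not part of the original message and not Hadoop's code). The protocol name, the principals and the set-based ACL are assumptions made for illustration; the four calls show that a missing ACL refuses even the expected principal, and that the principal match and the ACL must both pass.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

// Stand-alone model of the check order quoted in the comment above.
// Every name here is hypothetical; this is not Hadoop's ServiceAuthorizationManager.
public class AuthzOrderDemo {
    // protocol -> users admitted by the service-level ACL (simplified to a set of names)
    static final Map<String, Set<String>> ACLS = new HashMap<>();
    // protocol -> client principal expected by the protocol's annotation, if any
    static final Map<String, String> EXPECTED = new HashMap<>();

    static String authorize(String protocol, String user) {
        Set<String> acl = ACLS.get(protocol);
        if (acl == null) {
            // No ACL registered: rejected before the principal is even compared.
            return "DENY (protocol is not known)";
        }
        String expected = EXPECTED.get(protocol);
        // Both must hold: principal match (when one is declared) AND ACL membership.
        if ((expected != null && !expected.equals(user)) || !acl.contains(user)) {
            return "DENY (expected client principal is " + expected + ")";
        }
        return "ALLOW";
    }

    public static void main(String[] args) {
        String proto = "ExampleProtocol";               // hypothetical protocol name
        String nn = "nn/host1.example.com@EXAMPLE.COM"; // constructed principals
        String alice = "alice@EXAMPLE.COM";
        EXPECTED.put(proto, nn);

        // 1. No ACL configured: even the expected principal is refused.
        System.out.println("no ACL, nn          -> " + authorize(proto, nn));
        // 2. ACL present but omits nn: the principal matches, the ACL refuses.
        ACLS.put(proto, Set.of(alice));
        System.out.println("ACL={alice}, nn     -> " + authorize(proto, nn));
        // 3. ACL admits alice, but she is not the expected principal.
        System.out.println("ACL={alice}, alice  -> " + authorize(proto, alice));
        // 4. ACL admits nn and nn is the expected principal.
        ACLS.put(proto, Set.of(alice, nn));
        System.out.println("ACL={alice,nn}, nn  -> " + authorize(proto, nn));
    }
}
```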
