hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-4056) Always start the NN's SecretManager
Date Wed, 24 Oct 2012 15:10:14 GMT

    [ https://issues.apache.org/jira/browse/HDFS-4056?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13483301#comment-13483301
] 

Daryn Sharp commented on HDFS-4056:
-----------------------------------

The patch as it stands does not incur any token related overhead because existing clients
won't request and send tokens.  However, I'll investigate the best way to add another config
option and repost the patch.

The long-term solution to simple with or without token, and existing secure/insecure access
issues, is for hadoop to properly use SASL.  The client should be negotiating the authentication
mechanism instead of the client sending the server the SASL mechanism in the RPC header immediate
followed by the SASL message.  However, that's far beyond the scope of these changes.
                
> Always start the NN's SecretManager
> -----------------------------------
>
>                 Key: HDFS-4056
>                 URL: https://issues.apache.org/jira/browse/HDFS-4056
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>          Components: name-node
>    Affects Versions: 0.23.0, 2.0.0-alpha, 3.0.0
>            Reporter: Daryn Sharp
>            Assignee: Daryn Sharp
>         Attachments: HDFS-4056.patch
>
>
> To support the ability to use tokens regardless of whether kerberos is enabled, the NN's
secret manager should always be started.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message