hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kan Zhang (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-4056) Always start the NN's SecretManager
Date Tue, 16 Oct 2012 16:41:03 GMT

    [ https://issues.apache.org/jira/browse/HDFS-4056?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13477142#comment-13477142
] 

Kan Zhang commented on HDFS-4056:
---------------------------------

My comment is less about adding new auth options or combinations of internal and external
auth (which HADOOP-8758 and HADOOP-8779 are about), but more about keeping existing ones.
We've seen many use cases where a Hadoop cluster is firewalled and all accesses to the cluster
are proxy'ed through a few trusted access points which authenticate users. Within the cluster
security is turned off. These setups don't support true multi-tenancy but may be OK for some
limited use cases. In such cases, why would the user pay the penalty of using tokens and be
subject to any instability caused by the bugs in the token system? SIMPLE (external) + SIMPLE
(internal) is a supported mode currently, and IMHO, we should continue support it.
                
> Always start the NN's SecretManager
> -----------------------------------
>
>                 Key: HDFS-4056
>                 URL: https://issues.apache.org/jira/browse/HDFS-4056
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>          Components: name-node
>    Affects Versions: 0.23.0, 2.0.0-alpha, 3.0.0
>            Reporter: Daryn Sharp
>            Assignee: Daryn Sharp
>         Attachments: HDFS-4056.patch
>
>
> To support the ability to use tokens regardless of whether kerberos is enabled, the NN's
secret manager should always be started.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message