hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-4056) Always start the NN's SecretManager
Date Thu, 01 Nov 2012 13:51:12 GMT

    [ https://issues.apache.org/jira/browse/HDFS-4056?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13488698#comment-13488698
] 

Daryn Sharp commented on HDFS-4056:
-----------------------------------

bq. {quote}Yes, it should work if you fetch the token yourself.{quote}
bq. As far as I know, that is not by design.

Do you believe this is an illegitimate use case?  Should you not be allowed to talk to clusters
of various auth types if you have used (in some way) the appropriate credentials to get a
token?

bq. Suppose some clients are configured to use tokens, some don't. How do you make sure they
did what they are supposed to do? Or you don't care? If a client happens to use a Hadoop conf
that says "use tokens", it will fetch and use them; otherwise, it won't. Either way it works.

For the sake of this jira, yes, I don't care whether the client gets a token in SIMPLE mode.
 There's another subtask for determining whether the client/task should be forced to use tokens.
 I posted an example, but will be revising it based on offline feedback from Owen.

I'm trying to implement this improvement in small incremental steps.  This patch alone does
not cause a change in behavior for clients on insecure clusters.  I think the debate over
whether insecure clients obtain tokens is more appropriately debated on the other subtasks.
 Would you please be willing to lift your veto on this jira?  At least to a -0?
                
> Always start the NN's SecretManager
> -----------------------------------
>
>                 Key: HDFS-4056
>                 URL: https://issues.apache.org/jira/browse/HDFS-4056
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>          Components: name-node
>    Affects Versions: 0.23.0, 2.0.0-alpha, 3.0.0
>            Reporter: Daryn Sharp
>            Assignee: Daryn Sharp
>         Attachments: HDFS-4056.patch
>
>
> To support the ability to use tokens regardless of whether kerberos is enabled, the NN's
secret manager should always be started.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message