hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bikas Saha (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-5152) Avoiding redundant Kerberos login for Zookeeper client in ActiveStandbyElector
Date Tue, 03 Sep 2013 20:31:52 GMT

    [ https://issues.apache.org/jira/browse/HDFS-5152?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13757032#comment-13757032
] 

Bikas Saha commented on HDFS-5152:
----------------------------------

To be clear, the intent here is to allow ActiveStandbyElector to reuse the login context that
has already been created when ZKFC authenticates with ZK. Is that correct?

Will this change allow ActiveStandbyElector to be used outside of ZKFC (as an embedded library)
and authenticate using UgiZkLogin?

                
> Avoiding redundant Kerberos login for Zookeeper client in ActiveStandbyElector
> ------------------------------------------------------------------------------
>
>                 Key: HDFS-5152
>                 URL: https://issues.apache.org/jira/browse/HDFS-5152
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>          Components: security
>            Reporter: Kai Zheng
>         Attachments: HDFS-5152.patch
>
>
> Based on the fix in HADOOP-8315, it's possible to deploy a secured HA cluster with SASL
support for connection with Zookeeper. However it requires extra configuration for JAAS to
initialize the Zookeeper client because the client will do another login in it even when ZKFC
service actually has already passed the Kerberos login during its starting.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message