hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Juan Carlos Fernandez (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HDFS-5688) Wire-encription in QJM
Date Mon, 24 Feb 2014 11:43:20 GMT

     [ https://issues.apache.org/jira/browse/HDFS-5688?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Juan Carlos Fernandez updated HDFS-5688:
----------------------------------------

    Attachment: namenode.xml
                journal.xml

Config files from url

> Wire-encription in QJM
> ----------------------
>
>                 Key: HDFS-5688
>                 URL: https://issues.apache.org/jira/browse/HDFS-5688
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: ha, journal-node, security
>    Affects Versions: 2.2.0
>            Reporter: Juan Carlos Fernandez
>            Priority: Blocker
>              Labels: security
>         Attachments: core-site.xml, hdfs-site.xml, jaas.conf, journal.xml, namenode.xml,
ssl-client.xml, ssl-server.xml
>
>
> When HA is implemented with QJM and using kerberos, it's not possible to set wire-encrypted
data.
> If it's set property hadoop.rpc.protection to something different to authentication it
doesn't work propertly, getting the error:
> ERROR security.UserGroupInformation: PriviledgedActionException as:principal@REALM (auth:KERBEROS)
cause:javax.security.sasl.SaslException: No common protection layer between client and server
> With NFS as shared storage everything works like a charm



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Mime
View raw message