hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yongjun Zhang (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-7546) Document, and set an accepting default for dfs.namenode.kerberos.principal.pattern
Date Thu, 18 Dec 2014 15:19:13 GMT

    [ https://issues.apache.org/jira/browse/HDFS-7546?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14251781#comment-14251781
] 

Yongjun Zhang commented on HDFS-7546:
-------------------------------------

Hi [~qwertymaniac], 

Thanks for reporting the issue and providing patch. I labeled it as "supportability".  I reviewed
the change and have a few comments.
* The description of the property can be improved with more information. What about:
{code}
A client-side property that describes permitted server principal pattern. It can be configured
to control allowed realms to authenticate with, which is useful in cross-realm environment.
{code}
* what's the current default of this property prior to your change?
* wonder if there is any catch by changing the default pattern to "*", which essentially accepts
any pattern?




> Document, and set an accepting default for dfs.namenode.kerberos.principal.pattern
> ----------------------------------------------------------------------------------
>
>                 Key: HDFS-7546
>                 URL: https://issues.apache.org/jira/browse/HDFS-7546
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 2.1.1-beta
>            Reporter: Harsh J
>            Assignee: Harsh J
>            Priority: Minor
>              Labels: supportability
>         Attachments: HDFS-7546.patch
>
>
> This config is used in the SaslRpcClient, and the no-default breaks cross-realm trust
principals being used at clients.
> Current location: https://github.com/apache/hadoop/blob/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/SaslRpcClient.java#L309
> The config should be documented and the default should be set to * to preserve the prior-to-introduction
behaviour.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message