hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kihwal Lee (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-7935) Support multi-homed networks when Kerberos security is enabled
Date Mon, 16 Mar 2015 20:46:41 GMT

    [ https://issues.apache.org/jira/browse/HDFS-7935?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14363895#comment-14363895

Kihwal Lee commented on HDFS-7935:

Secure HA NN does come up with dfs.namenode.http-address.<logical_name>.<nn_id>
set to The clients should of course have a vaild address. The kerberos principal
used by the two name nodes comes from dfs.web.authentication.kerberos.principal, but SPNEGO
will work with any SPN found in its keytab after HADOOP-10322.  So I guess HDFS-4448 is fixed?

> Support multi-homed networks when Kerberos security is enabled
> --------------------------------------------------------------
>                 Key: HDFS-7935
>                 URL: https://issues.apache.org/jira/browse/HDFS-7935
>             Project: Hadoop HDFS
>          Issue Type: Bug
>            Reporter: Arun Suresh
>            Assignee: Arun Suresh
> Currently, during SASL negotiation stage between ipc Client and Server, The server sends
only a single serviceId (curresponding to a single principal) to the client. This is the principal
the the server process is logged in as during startup.
> It is possible that in a multi-homed network, the server might be associated with more
than one principal, and thus severs must provide the clients all possible principals it can
use to connect to.

This message was sent by Atlassian JIRA

View raw message