hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kihwal Lee (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-7935) Support multi-homed networks when Kerberos security is enabled
Date Mon, 16 Mar 2015 20:46:41 GMT

    [ https://issues.apache.org/jira/browse/HDFS-7935?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14363895#comment-14363895
] 

Kihwal Lee commented on HDFS-7935:
----------------------------------

Secure HA NN does come up with dfs.namenode.http-address.<logical_name>.<nn_id>
set to 0.0.0.0:port. The clients should of course have a vaild address. The kerberos principal
used by the two name nodes comes from dfs.web.authentication.kerberos.principal, but SPNEGO
will work with any SPN found in its keytab after HADOOP-10322.  So I guess HDFS-4448 is fixed?

> Support multi-homed networks when Kerberos security is enabled
> --------------------------------------------------------------
>
>                 Key: HDFS-7935
>                 URL: https://issues.apache.org/jira/browse/HDFS-7935
>             Project: Hadoop HDFS
>          Issue Type: Bug
>            Reporter: Arun Suresh
>            Assignee: Arun Suresh
>
> Currently, during SASL negotiation stage between ipc Client and Server, The server sends
only a single serviceId (curresponding to a single principal) to the client. This is the principal
the the server process is logged in as during startup.
> It is possible that in a multi-homed network, the server might be associated with more
than one principal, and thus severs must provide the clients all possible principals it can
use to connect to.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message