Kihwal Lee created HADOOP-16517:
-----------------------------------
Summary: Allow optional mutual TLS in HttpServer2
Key: HADOOP-16517
URL: https://issues.apache.org/jira/browse/HADOOP-16517
Project: Hadoop Common
Issue Type: Improvement
Reporter: Kihwal Lee
Currently the webservice can enforce mTLS by setting
"dfs.client.https.need-auth" on the server side. (The config name is
misleading, as it is actually a server-side config. It has been deprecated from
the client config.) A Hadoop client can talk to an mTLS-enforced web service by
setting "hadoop.ssl.require.client.cert" with proper SSL config.

We have seen use cases where mTLS needs to be enabled optionally for only those
clients who supply their cert. In a mixed environment like this, individual
services may still enforce mTLS for a subset of endpoints by checking the
existence of an x509 cert in the request.
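The per-endpoint check described in the issue, sketched as a servlet filter. This is an added example, not code from the issue or from Hadoop; the class name and the `protected.prefixes` init parameter are hypothetical. It assumes the TLS listener requests but does not require a client certificate and validates any presented certificate against its truststore before the request reaches the filter.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter: requires a client certificate only on selected path prefixes. */
public class RequireClientCertFilter implements Filter {
  // Servlet-spec request attribute that carries the TLS client certificate chain.
  private static final String CERT_ATTR = "javax.servlet.request.X509Certificate";
  // Hypothetical init parameter: comma-separated path prefixes that need a cert.
  private static final String PREFIXES_PARAM = "protected.prefixes";

  private List<String> protectedPrefixes;

  @Override
  public void init(FilterConfig conf) throws ServletException {
    String raw = conf.getInitParameter(PREFIXES_PARAM);
    if (raw == null || raw.trim().isEmpty()) {
      // Fail closed: a missing list must not silently leave every endpoint open.
      throw new ServletException(PREFIXES_PARAM + " must be set");
    }
    protectedPrefixes = Arrays.asList(raw.trim().split("\\s*,\\s*"));
  }

  @Override
  public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
      throws IOException, ServletException {
    HttpServletRequest http = (HttpServletRequest) req;
    // Use the container-decoded path, not the raw URI, so encoded or dotted
    // segments cannot slip past the prefix comparison.
    String info = http.getPathInfo();
    String path = http.getServletPath() + (info == null ? "" : info);
    boolean isProtected = protectedPrefixes.stream().anyMatch(path::startsWith);
    X509Certificate[] certs = (X509Certificate[]) req.getAttribute(CERT_ATTR);
    boolean hasCert = http.isSecure() && certs != null && certs.length > 0;
    if (isProtected && !hasCert) {
      ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN,
          "Client certificate required");
      return;
    }
    chain.doFilter(req, res); // unprotected path, or certificate present
  }

  @Override
  public void destroy() { }
}
```

The filter only proves that a certificate was presented; mapping its subject to an authorized principal remains the job of the service behind it.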