[jira] Commented: (HADOOP-7083) Allow SecureIO to be disabled for developer workstations

Mon, 07 Feb 2011 13:08:21 -0800 

    [ 
https://issues.apache.org/jira/browse/HADOOP-7083?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12991607#comment-12991607
 ] 

Allen Wittenauer commented on HADOOP-7083:
------------------------------------------

> Do you consider those to be bugs?

I'll have to look at the specifics of those two settings, but chances are, yes, 
they should not have been committed if we want to take security seriously.  

If dfs.block.access.token.enable is the one that I think it is, it likely 
should have been held off until we had a real solution (something commit-able) 
to run the datanode on a privileged port rather then adding it as a "something 
we might use some day".  (Yes, I'm fully aware that this hurts myself more than 
maybe anyone else, given that Solaris has supported privilege delegation for 
quite some time now.)

> straw men

> If my goal is to learn about how a kerberized cluster behaves, I don't want 
> all the 
> hardening (and associated inconvenience) that a company storing financial 
> information would want.

But you do want a realistic environment, including the setup pain. So that 
includes the ten minutes to compile native code.

> Should we bring this to a discussion on the mailing lists rather than in 
> these specific bugs?

Feel free.

> Allow SecureIO to be disabled for developer workstations
> --------------------------------------------------------
>
>                 Key: HADOOP-7083
>                 URL: https://issues.apache.org/jira/browse/HADOOP-7083
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: native, security
>    Affects Versions: 0.22.0
>            Reporter: Todd Lipcon
>            Assignee: Alejandro Abdelnur
>         Attachments: hadoop-7083.txt
>
>
> In testing with secure Hadoop, the new requirement for native code is 
> annoying on platforms like OSX where the native code can be tricky to get 
> compiled and working. We should allow developers to disable this aspect of 
> security by setting a special flag.

-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to