[ https://issues.apache.org/jira/browse/HADOOP-12549?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17161805#comment-17161805 ]
Daryn Sharp commented on HADOOP-12549:
--------------------------------------

{quote}In HDFS-7546 we added a hdfs-default.xml property to bring back the regular behaviour of trusting all principals (as was the case before HADOOP-9789).{quote}

The default was never to trust all principals. HDFS-7546 was a bad change that purported to support cross-realm. We've used cross-realm trust w/o problems for as long as I've worked on hadoop.

{quote}I don't have full context on this but I'm pretty sure this change will be controversial.{quote}

The pattern was added to augment the annotation-based principal restrictions. Let's say you have nn-ha1.domain and nn-ha2.domain fronted by nn.domain (IP failover setup). The client expands the default annotation of hdfs/_HOST to hdfs/nn.domain, causing it to reject the backend hdfs/nn-ha\{1,2}.domain principals. The _optional_ pattern allows whitelisting those backend principals.

Non-negotiable -1. A wildcard default is an incompatible regression that breaks, by shorting out, annotation-based principal restrictions. Clients will authenticate to any service principal. The motivation appears to be using an empty configuration. The solution is to add a resource that contains security settings.

> Extend HDFS-7456 default generically to all pattern lookups
> -----------------------------------------------------------
>
>                 Key: HADOOP-12549
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12549
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: ipc, security
>    Affects Versions: 2.7.1
>            Reporter: Harsh J
>            Priority: Minor
>         Attachments: HADOOP-12549.002.patch, HADOOP-12549.patch
>
>
> In HDFS-7546 we added a hdfs-default.xml property to bring back the regular
> behaviour of trusting all principals (as was the case before HADOOP-9789).
> However, the change only targeted HDFS users and also only those that used
> the default-loading mechanism of Configuration class (i.e. not {{new
> Configuration(false)}} users).
> I'd like to propose adding the same default to the generic RPC client code
> also, so the default affects all forms of clients equally.

--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
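The check Daryn describes, as an added illustration that is not Hadoop's own code: the client expands the `_HOST` annotation to the address it connected to, accepts only that principal, and an optional pattern can widen the set to the HA backends. The glob matching, the realm and the host names are assumptions made for the example; the wildcard case shows why a `*` default removes the restriction entirely.

```python
import fnmatch
from typing import Optional

# Constructed values for the IP-failover scenario described in the comment.
REALM = "EXAMPLE.COM"
ANNOTATION = "hdfs/_HOST@" + REALM          # default @KerberosInfo-style annotation
FRONT_HOST = "nn.domain"                    # address the client connects to
BACKEND_PRINCIPALS = [                      # principals the real NameNodes present
    "hdfs/nn-ha1.domain@" + REALM,
    "hdfs/nn-ha2.domain@" + REALM,
]


def expand_host(annotation: str, connected_host: str) -> str:
    """Replace the _HOST placeholder with the host the client actually dialled."""
    return annotation.replace("_HOST", connected_host)


def server_principal_allowed(annotation: str, connected_host: str,
                             server_principal: str,
                             pattern: Optional[str] = None) -> bool:
    """Model of the client-side principal restriction.

    The principal derived from the annotation is always accepted. If an
    optional pattern is configured it may additionally whitelist others;
    here the pattern is matched as a case-sensitive glob (an assumption,
    the exact matching semantics are not stated in the issue).
    """
    expected = expand_host(annotation, connected_host)
    if server_principal == expected:
        return True
    if pattern is None:
        return False
    return fnmatch.fnmatchcase(server_principal, pattern)


def accepted_principals(candidates: list, pattern: Optional[str]) -> list:
    """Return which candidate service principals the client would trust."""
    return [p for p in candidates
            if server_principal_allowed(ANNOTATION, FRONT_HOST, p, pattern)]


if __name__ == "__main__":
    # No pattern: the backends are rejected because they are not hdfs/nn.domain.
    print(accepted_principals(BACKEND_PRINCIPALS, None))
    # Narrow pattern: only the two backends are whitelisted.
    print(accepted_principals(BACKEND_PRINCIPALS, "hdfs/nn-ha[12].domain@" + REALM))
    # Wildcard default: an unrelated service principal is also trusted.
    print(accepted_principals(BACKEND_PRINCIPALS + ["yarn/rm.domain@" + REALM], "*"))
```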