[
https://issues.apache.org/jira/browse/HADOOP-12549?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17161805#comment-17161805
]
Daryn Sharp commented on HADOOP-12549:
--------------------------------------
{quote}In HDFS-7546 we added a hdfs-default.xml property to bring back the
regular behaviour of trusting all principals (as was the case before
HADOOP-9789).
{quote}
The default was never to trust all principals. HDFS-7546 was a bad change that
purported to support cross-realm. We've used cross-realm trust w/o problems
for as long as I've worked on hadoop.
{quote}I don't have full context on this but I'm pretty sure this change will
be controversial.
{quote}
The pattern was added to augment the annotation-based principal restrictions.
Let's say you have nn-ha1.domain and nn-ha2.domain fronted by nn.domain (IP
failover setup). The client expands the default annotation of hdfs/_HOST to
hdfs/nn.domain causing it to reject the backend hdfs/nn-ha\{1,2}.domain
principals. The _optional_ pattern allows whitelisting those backend
principals.
Non-negotiable -1. A wildcard default is an incompatible regression that
breaks, by shorting out, annotation based principal restrictions. Clients will
authenticate to any service principal. The motivation appears to be using an
empty configuration. The solution is add a resource that contains security
settings.
> Extend HDFS-7456 default generically to all pattern lookups
> -----------------------------------------------------------
>
> Key: HADOOP-12549
> URL: https://issues.apache.org/jira/browse/HADOOP-12549
> Project: Hadoop Common
> Issue Type: Improvement
> Components: ipc, security
> Affects Versions: 2.7.1
> Reporter: Harsh J
> Priority: Minor
> Attachments: HADOOP-12549.002.patch, HADOOP-12549.patch
>
>
> In HDFS-7546 we added a hdfs-default.xml property to bring back the regular
> behaviour of trusting all principals (as was the case before HADOOP-9789).
> However, the change only targeted HDFS users and also only those that used
> the default-loading mechanism of Configuration class (i.e. not {{new
> Configuration(false)}} users).
> I'd like to propose adding the same default to the generic RPC client code
> also, so the default affects all form of clients equally.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
