[jira] [Commented] (HDDS-6) Enable SCM kerberos auth

Mon, 07 May 2018 15:03:46 -0700 

    [ 
https://issues.apache.org/jira/browse/HDDS-6?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16466528#comment-16466528
 ] 

Xiaoyu Yao commented on HDDS-6:
-------------------------------

Thanks [~ajayydv] for working on this. The patch looks good to me overall. Here 
are a few minor comments.

 

ScmConfigKeys.java

Line 118: NIT change to OZONE_SCM_KERBEROS_KEYTAB_FILE_KEY 
"ozone.scm.kerberos.keytab.file" for consistency and easy config UI filtering?

 

ScmBlockLocationProtocolPB.java

Line 39: do we expect the principal for the block location protocol client 
always be DN kerberos principal, Quadra for example may run as non-hdfs 
principal?

 

OzoneConfigKeys.java

{color:#000000}Line 235: Can we document the relationship between 
{color}ozone.security.enabled and {color:#658aba}hadoop.security.authentication 
in ozone-default.xml? What if {color}ozone.security.enabled but 
hadoop.security.authentication=simple?

 

Ozone-default.xml

Line 1057-1067, 1090-1097: should we leave this for KSM kerberos support in 
next patch?

 

StorageContainerManager.java 

Line 170: should the default to false instead of true?

 

Line 204: the comment is not accurate. It should be something like "Login as 
the configured user for SCM." 

 

Line 208: NIT: suggest rename to loginAsSCMUser()

 

 

MiniOzoneClusterImpl.java

Line 282: can you add more context info related to authentication error, e.g. 
login failure to SCM user.

 

 

TestStorageContainerManager.java 

Can you add a case for successfully scm login and failed scm login due to bad 
principle or keytab due to misconfiguration?

> Enable SCM kerberos auth
> ------------------------
>
>                 Key: HDDS-6
>                 URL: https://issues.apache.org/jira/browse/HDDS-6
>             Project: Hadoop Distributed Data Store
>          Issue Type: Sub-task
>          Components: SCM, Security
>            Reporter: Ajay Kumar
>            Assignee: Ajay Kumar
>            Priority: Major
>             Fix For: 0.3.0
>
>         Attachments: HDDS-4-HDDS-6.00.patch
>
>
> Enable SCM kerberos auth



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org

Reply via email to