[jira] [Commented] (HDFS-12284) RBF: Support for Kerberos authentication

[CR Hota (JIRA)]

    [ 
https://issues.apache.org/jira/browse/HDFS-12284?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16665766#comment-16665766
 ] 

CR Hota commented on HDFS-12284:
--------------------------------

Thanks a lot [~elgoiri] [~lukmajercak] for the extensive testing you folks did. 
The environment at my end is much more controlled hence hard to find these 
issues.

We can create another ticket for adding hdfs-rbf-default.xml in 
HdfsConfiguration, but wondering how it will work for NameNode? Because in a 
namenode scenario, hdfs-rbf-default.xml  may not be in the classpath.

 
{code:java}
public class HdfsConfiguration extends Configuration {
  static {
    addDeprecatedKeys();

    // adds the default resources
    Configuration.addDefaultResource("hdfs-default.xml");
    Configuration.addDefaultResource("hdfs-site.xml");
  }

{code}
[~daryn] Thanks for reviewing the initial patch.

                Haven't looked at the connection manager but you may have 
performance issues. IPC connections are per-instance based on ugi. You probably 
want to                  cache user -> ugi to avoid multiple connections and 
only construct a ugi if necessary.

Dint grasp your point. ConnectionManager does maintain a pool of connections 
corresponding to a ugi+namenode combination. New code of kerberos doesn't 
violate that as ugi's will change per user level since router always proxies 
for original client user. I plan to enhance the connection pooling part by 
introducing synchronous connection creation using semaphore semantics instead 
of the current asynchronous connection creation.

> RBF: Support for Kerberos authentication
> ----------------------------------------
>
>                 Key: HDFS-12284
>                 URL: https://issues.apache.org/jira/browse/HDFS-12284
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Zhe Zhang
>            Assignee: Sherwood Zheng
>            Priority: Major
>         Attachments: HDFS-12284-HDFS-13532.004.patch, 
> HDFS-12284-HDFS-13532.005.patch, HDFS-12284-HDFS-13532.006.patch, 
> HDFS-12284-HDFS-13532.007.patch, HDFS-12284-HDFS-13532.008.patch, 
> HDFS-12284-HDFS-13532.009.patch, HDFS-12284-HDFS-13532.010.patch, 
> HDFS-12284-HDFS-13532.011.patch, HDFS-12284-HDFS-13532.012.patch, 
> HDFS-12284.000.patch, HDFS-12284.001.patch, HDFS-12284.002.patch, 
> HDFS-12284.003.patch
>
>
> HDFS Router should support Kerberos authentication and issuing / managing 
> HDFS delegation tokens.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org