[ https://issues.apache.org/jira/browse/HDFS-3568?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13406149#comment-13406149 ]
Aaron T. Myers commented on HDFS-3568: -------------------------------------- Thanks a lot for the patch, Colin. A few comments: # I recommend refactoring the if/else if/else block that gets a UGI object, since it's repeated in two places. # It's not abundantly obvious what the purpose of the DynamicConfiguration class is. Please add a class comment for it. # Looks like you have a vestigial @param in the method comment for "fromKerberosTicketCache". # I suggest you rename fromKerberosTicketCache to something like "getUGIFromTicketCache" # I don't think there's any need to throw an exception if security is disabled when calling fromKerberosTicketCache. The other methods in the class just return early or return default values when security is disabled, e.g. reloginFromKeytab. # I find checking for "{{!iter.hasNext()}}" a little goofy. How about just "{{loginPrincipals.isEmpty()}}" ? # Are you positive that it's acceptable for all LoginContext objects to share the same reference to a HadoopConfiguration object? Previous to this patch, each LoginContext would get it's own new reference to a HadoopConfiguration object. (I don't know that it is definitely a problem, I'm just not positive either way.) # Instead of the error message "Unable to determine hadoop.security.authentication", I suggest "Unable to determine the configured value for hadoop.security.authentication." # Is there really no built-in function which already implements "jStrToCstr" ? (I don't know that there is, I'm just surprised that there isn't.) # I recommend you rename hdfsBuilderSetNameNode to hdfsBuilderSetNameNodeHostname. # In hdfsConfGet, why do you return "EINTERNAL" in some cases and "-EINTERNAL" in others? # Looks like there's an errant whitespace change in the function comment for hdfsConnectAsUser in hdfs.h. # "@param nn The NameNode. See hdfsBuilderSetNameNode for details." This isn't terribly helpful, especially since there are no comments for hdfsBuilderSetNameNode. You should also mention that this is expecting the NN *host* (either hostname or IP.) > fuse_dfs: add support for security > ---------------------------------- > > Key: HDFS-3568 > URL: https://issues.apache.org/jira/browse/HDFS-3568 > Project: Hadoop HDFS > Issue Type: Improvement > Affects Versions: 1.0.0, 2.0.0-alpha > Reporter: Colin Patrick McCabe > Assignee: Colin Patrick McCabe > Fix For: 1.1.0, 2.0.1-alpha > > Attachments: HDFS-3568.001.patch > > > fuse_dfs should have support for Kerberos authentication. This would allow > FUSE to be used in a secure cluster. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira