[
https://issues.apache.org/jira/browse/HDFS-3568?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13406149#comment-13406149
]
Aaron T. Myers commented on HDFS-3568:
--------------------------------------
Thanks a lot for the patch, Colin. A few comments:
# I recommend refactoring the if/else if/else block that gets a UGI object,
since it's repeated in two places.
# It's not abundantly obvious what the purpose of the DynamicConfiguration
class is. Please add a class comment for it.
# Looks like you have a vestigial @param in the method comment for
"fromKerberosTicketCache".
# I suggest you rename fromKerberosTicketCache to something like
"getUGIFromTicketCache"
# I don't think there's any need to throw an exception if security is disabled
when calling fromKerberosTicketCache. The other methods in the class just
return early or return default values when security is disabled, e.g.
reloginFromKeytab.
# I find checking for "{{!iter.hasNext()}}" a little goofy. How about just
"{{loginPrincipals.isEmpty()}}" ?
# Are you positive that it's acceptable for all LoginContext objects to share
the same reference to a HadoopConfiguration object? Previous to this patch,
each LoginContext would get it's own new reference to a HadoopConfiguration
object. (I don't know that it is definitely a problem, I'm just not positive
either way.)
# Instead of the error message "Unable to determine
hadoop.security.authentication", I suggest "Unable to determine the configured
value for hadoop.security.authentication."
# Is there really no built-in function which already implements "jStrToCstr" ?
(I don't know that there is, I'm just surprised that there isn't.)
# I recommend you rename hdfsBuilderSetNameNode to
hdfsBuilderSetNameNodeHostname.
# In hdfsConfGet, why do you return "EINTERNAL" in some cases and "-EINTERNAL"
in others?
# Looks like there's an errant whitespace change in the function comment for
hdfsConnectAsUser in hdfs.h.
# "@param nn The NameNode. See hdfsBuilderSetNameNode for details." This
isn't terribly helpful, especially since there are no comments for
hdfsBuilderSetNameNode. You should also mention that this is expecting the NN
*host* (either hostname or IP.)
> fuse_dfs: add support for security
> ----------------------------------
>
> Key: HDFS-3568
> URL: https://issues.apache.org/jira/browse/HDFS-3568
> Project: Hadoop HDFS
> Issue Type: Improvement
> Affects Versions: 1.0.0, 2.0.0-alpha
> Reporter: Colin Patrick McCabe
> Assignee: Colin Patrick McCabe
> Fix For: 1.1.0, 2.0.1-alpha
>
> Attachments: HDFS-3568.001.patch
>
>
> fuse_dfs should have support for Kerberos authentication. This would allow
> FUSE to be used in a secure cluster.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
