[ https://issues.apache.org/jira/browse/HDFS-2617?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13417330#comment-13417330 ]
Aaron T. Myers commented on HDFS-2617: -------------------------------------- OK, I'm find changing the default value for the config knob to not use KSSL, as long as we call it out with a release note that it's an incompatible change for branch-1. As for the name, how about "hadoop.security.use-weak-http-crypto"? > Replaced Kerberized SSL for image transfer and fsck with SPNEGO-based solution > ------------------------------------------------------------------------------ > > Key: HDFS-2617 > URL: https://issues.apache.org/jira/browse/HDFS-2617 > Project: Hadoop HDFS > Issue Type: Improvement > Components: security > Reporter: Jakob Homan > Assignee: Jakob Homan > Fix For: 2.1.0-alpha > > Attachments: HDFS-2617-a.patch, HDFS-2617-b.patch, > HDFS-2617-branch-1.patch, HDFS-2617-config.patch, HDFS-2617-trunk.patch, > HDFS-2617-trunk.patch, HDFS-2617-trunk.patch, HDFS-2617-trunk.patch, > hdfs-2617-1.1.patch > > > The current approach to secure and authenticate nn web services is based on > Kerberized SSL and was developed when a SPNEGO solution wasn't available. Now > that we have one, we can get rid of the non-standard KSSL and use SPNEGO > throughout. This will simplify setup and configuration. Also, Kerberized > SSL is a non-standard approach with its own quirks and dark corners > (HDFS-2386). -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira