[jira] [Updated] (HDFS-2617) Replaced Kerberized SSL for image transfer and fsck with SPNEGO-based solution

Wed, 18 Jul 2012 16:53:38 -0700 

     [ 
https://issues.apache.org/jira/browse/HDFS-2617?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Aaron T. Myers updated HDFS-2617:
---------------------------------

    Attachment: HDFS-2617-branch-1.patch

Here's an updated patch which addresses Owen's comments, as well as Daryn's 
comments that I agree with. Indeed, the patch got a little smaller and more 
self-contained once I did the refactors Daryn proposed.

I once again tested this patch by ensuring that WebHdfs, HFTP, NN 
checkpointing, and FSCK work with security disable, security enabled using 
SPNEGO for HTTP auth, and security enabled using KSSL for HTTP auth.

As for testing HSFTP, I don't _think_ this patch will break it, but I don't 
have an easy way of testing HSFTP. Daryn, any chance you could give that a shot?
                
> Replaced Kerberized SSL for image transfer and fsck with SPNEGO-based solution
> ------------------------------------------------------------------------------
>
>                 Key: HDFS-2617
>                 URL: https://issues.apache.org/jira/browse/HDFS-2617
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>          Components: security
>            Reporter: Jakob Homan
>            Assignee: Jakob Homan
>             Fix For: 2.1.0-alpha
>
>         Attachments: HDFS-2617-a.patch, HDFS-2617-b.patch, 
> HDFS-2617-branch-1.patch, HDFS-2617-branch-1.patch, HDFS-2617-config.patch, 
> HDFS-2617-trunk.patch, HDFS-2617-trunk.patch, HDFS-2617-trunk.patch, 
> HDFS-2617-trunk.patch, hdfs-2617-1.1.patch
>
>
> The current approach to secure and authenticate nn web services is based on 
> Kerberized SSL and was developed when a SPNEGO solution wasn't available. Now 
> that we have one, we can get rid of the non-standard KSSL and use SPNEGO 
> throughout.  This will simplify setup and configuration.  Also, Kerberized 
> SSL is a non-standard approach with its own quirks and dark corners 
> (HDFS-2386).

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to