[jira] [Commented] (HBASE-14400) Fix HBase RPC protection documentation

Thu, 10 Sep 2015 16:22:34 -0700 

    [ 
https://issues.apache.org/jira/browse/HBASE-14400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14739837#comment-14739837
 ] 

Ted Yu commented on HBASE-14400:
--------------------------------

{code}
93          if (QualityOfProtection.AUTHENTICATION.saslQop.equals(stringQop)
94              || QualityOfProtection.INTEGRITY.saslQop.equals(stringQop)
95              || QualityOfProtection.PRIVACY.saslQop.equals(stringQop)) {
96            log.warn("Use authentication/integrity/privacy as value for rpc 
protection "
97                + "configurations instead of auth/auth-int/auth-conf.");
77          }   98          }
{code}
Should the condition be negated for the warning ?

> Fix HBase RPC protection documentation
> --------------------------------------
>
>                 Key: HBASE-14400
>                 URL: https://issues.apache.org/jira/browse/HBASE-14400
>             Project: HBase
>          Issue Type: Bug
>          Components: encryption, rpc, security
>            Reporter: Apekshit Sharma
>            Assignee: Apekshit Sharma
>            Priority: Critical
>             Fix For: 2.0.0, 1.3.0, 1.2.1
>
>         Attachments: HBASE-14400-master-v2.patch, HBASE-14400-master.patch
>
>
> HBase configuration 'hbase.rpc.protection' can be set to 'authentication', 
> 'integrity' or 'privacy'.
> "authentication means authentication only and no integrity or privacy; 
> integrity implies
> authentication and integrity are enabled; and privacy implies all of
> authentication, integrity and privacy are enabled."
> However hbase ref guide incorrectly suggests in some places to set the value 
> to 'auth-conf' instead of 'privacy'. Setting value to 'auth-conf' doesn't 
> provide rpc encryption which is what user wants.
> This jira will fix:
> - documentation: change 'auth-conf' references to 'privacy'
> - SaslUtil to support both set of values (privacy/integrity/authentication 
> and auth-conf/auth-int/auth) to be backward compatible with what was being 
> suggested till now.
> - change 'hbase.thrift.security.qop' to be consistent with other similar 
> configurations by using same set of values (privacy/integrity/authentication).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to