[
https://issues.apache.org/jira/browse/HBASE-14700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14979159#comment-14979159
]
Hadoop QA commented on HBASE-14700:
-----------------------------------
{color:red}-1 overall{color}. Here are the results of testing the latest
attachment
http://issues.apache.org/jira/secure/attachment/12769330/HBASE-14700-v2.patch
against master branch at commit 51538c5ff89dd7ee8e32ef4895d10bfc58045b17.
ATTACHMENT ID: 12769330
{color:green}+1 @author{color}. The patch does not contain any @author
tags.
{color:green}+1 tests included{color}. The patch appears to include 3 new
or modified tests.
{color:green}+1 hadoop versions{color}. The patch compiles with all
supported hadoop versions (2.4.0 2.4.1 2.5.0 2.5.1 2.5.2 2.6.0 2.6.1 2.7.0
2.7.1)
{color:green}+1 javac{color}. The applied patch does not increase the
total number of javac compiler warnings.
{color:green}+1 protoc{color}. The applied patch does not increase the
total number of protoc compiler warnings.
{color:green}+1 javadoc{color}. The javadoc tool did not generate any
warning messages.
{color:green}+1 checkstyle{color}. The applied patch does not increase the
total number of checkstyle errors
{color:green}+1 findbugs{color}. The patch does not introduce any new
Findbugs (version 2.0.3) warnings.
{color:green}+1 release audit{color}. The applied patch does not increase
the total number of release audit warnings.
{color:green}+1 lineLengths{color}. The patch does not introduce lines
longer than 100
{color:green}+1 site{color}. The mvn post-site goal succeeds with this patch.
{color:red}-1 core tests{color}. The patch failed these unit tests:
Test results:
https://builds.apache.org/job/PreCommit-HBASE-Build/16263//testReport/
Release Findbugs (version 2.0.3) warnings:
https://builds.apache.org/job/PreCommit-HBASE-Build/16263//artifact/patchprocess/newFindbugsWarnings.html
Checkstyle Errors:
https://builds.apache.org/job/PreCommit-HBASE-Build/16263//artifact/patchprocess/checkstyle-aggregate.html
Console output:
https://builds.apache.org/job/PreCommit-HBASE-Build/16263//console
This message is automatically generated.
> Support a "permissive" mode for secure clusters to allow "simple" auth clients
> ------------------------------------------------------------------------------
>
> Key: HBASE-14700
> URL: https://issues.apache.org/jira/browse/HBASE-14700
> Project: HBase
> Issue Type: Improvement
> Components: security
> Reporter: Gary Helmling
> Assignee: Gary Helmling
> Fix For: 2.0.0
>
> Attachments: HBASE-14700-v2.patch, HBASE-14700.patch
>
>
> When implementing HBase security for an existing cluster, it can be useful to
> support mixed secure and insecure clients while all client configurations are
> migrated over to secure authentication.
> We currently have an option to allow secure clients to fallback to simple
> auth against insecure clusters. By providing an analogous setting for
> servers, we would allow a phased rollout of security:
> # First, security can be enabled on the cluster servers, with the
> "permissive" mode enabled
> # Clients can be converting to using secure authentication incrementally
> # The server audit logs allow identification of clients still using simple
> auth to connect
> # Finally, when sufficient clients have been converted to secure operation,
> the server-side "permissive" mode can be removed, allowing completely secure
> operation.
> Obviously with this enabled, there is no effective access control, but this
> would still be a useful tool to enable a smooth operational rollout of
> security. Permissive mode would of course be disabled by default. Enabling
> it should provide a big scary warning in the logs on startup, and possibly be
> flagged on relevant UIs.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
