[jira] [Created] (HADOOP-15896) Refine Kerberos based AuthenticationHandler to check proxyuser ACL

Eric Yang created HADOOP-15896: -- Summary: Refine Kerberos based AuthenticationHandler to check proxyuser ACL Key: HADOOP-15896 URL: https://issues.apache.org/jira/browse/HADOOP-15896 Project: Hadoop Comm

Apache Hadoop qbt Report: trunk+JDK8 on Linux/x86

For more details, see https://builds.apache.org/job/hadoop-qbt-trunk-java8-linux-x86/945/ [Nov 1, 2018 10:13:48 AM] (shashikant) HDDS-771. ChunkGroupOutputStream stream entries need to be properly [Nov 1, 2018 12:56:20 PM] (stevel) HADOOP-15895. [JDK9+] Add missing javax.annotation-api dependen

[jira] [Created] (HADOOP-15897) Port range binding fails due to socket bind race condition

Daryn Sharp created HADOOP-15897: Summary: Port range binding fails due to socket bind race condition Key: HADOOP-15897 URL: https://issues.apache.org/jira/browse/HADOOP-15897 Project: Hadoop Common

[jira] [Resolved] (HADOOP-15896) Refine Kerberos based AuthenticationHandler to check proxyuser ACL

[ https://issues.apache.org/jira/browse/HADOOP-15896?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Owen O'Malley resolved HADOOP-15896. Resolution: Not A Problem This is working correctly. Do not attempt to change this behavi

Re: [DISCUSS] Hadoop RPC encryption performance improvements

One possibility (which we use in Kudu) is to use SSL for encryption but with a self-signed certificate, maintaining the existing SASL/GSSAPI handshake for authentication. The one important bit here, security wise, is to implement channel binding (RFC 5056 and RFC 5929) to prevent against MITMs. The

Re: [DISCUSS] Hadoop RPC encryption performance improvements

Thanks all for the inputs, To offer additional information (while Daryn is working on his stuff), optimizing RPC encryption opens up another possibility: migrating KMS service to use Hadoop RPC. Today's KMS uses HTTPS + REST API, much like webhdfs. It has very undesirable performance (a few thous