Hadoop HDFS
  1. Hadoop HDFS
  2. HDFS-1033

In secure clusters, NN and SNN should verify that the remote principal during image and edits transfer

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 0.22.0
    • Fix Version/s: 0.22.0
    • Component/s: namenode, security
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      Currently anyone can connect and download image/edits from Namenode. In a secure cluster we can verify the identity of the principal making the request; we should disallow requests from anyone except the NN and SNN principals (and their hosts due to the lousy KerbSSL limitation).

      1. HDFS-1033.patch
        4 kB
        Jakob Homan
      2. HDFS-1033-2.patch
        7 kB
        Jakob Homan
      3. HDFS-1033-3.patch
        8 kB
        Jakob Homan
      4. HDFS-1033-Y20.patch
        9 kB
        Jakob Homan

        Activity

        Jakob Homan created issue -
        Jakob Homan made changes -
        Field Original Value New Value
        Summary In securre clusters, NN and SNN should verify that the remote principal during image and edits transfer In secure clusters, NN and SNN should verify that the remote principal during image and edits transfer
        Jakob Homan made changes -
        Attachment HDFS-1033-Y20.patch [ 12438477 ]
        Jakob Homan made changes -
        Attachment HDFS-1033.patch [ 12448523 ]
        Jakob Homan made changes -
        Attachment HDFS-1033-2.patch [ 12448531 ]
        Jakob Homan made changes -
        Status Open [ 1 ] Patch Available [ 10002 ]
        Fix Version/s 0.22.0 [ 12314241 ]
        Jakob Homan made changes -
        Status Patch Available [ 10002 ] Open [ 1 ]
        Jakob Homan made changes -
        Attachment HDFS-1033-3.patch [ 12449128 ]
        Jakob Homan made changes -
        Status Open [ 1 ] Patch Available [ 10002 ]
        Jakob Homan made changes -
        Status Patch Available [ 10002 ] Resolved [ 5 ]
        Hadoop Flags [Reviewed]
        Resolution Fixed [ 1 ]
        Jakob Homan made changes -
        Affects Version/s 0.22.0 [ 12314241 ]
        Component/s name-node [ 12312926 ]
        Konstantin Shvachko made changes -
        Status Resolved [ 5 ] Closed [ 6 ]

          People

          • Assignee:
            Jakob Homan
            Reporter:
            Jakob Homan
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development