Uploaded image for project: 'Hadoop HDFS'
  1. Hadoop HDFS
  2. HDFS-1033

In secure clusters, NN and SNN should verify that the remote principal during image and edits transfer

VotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 0.22.0
    • 0.22.0
    • namenode, security
    • None
    • Reviewed

    Description

      Currently anyone can connect and download image/edits from Namenode. In a secure cluster we can verify the identity of the principal making the request; we should disallow requests from anyone except the NN and SNN principals (and their hosts due to the lousy KerbSSL limitation).

      Attachments

        1. HDFS-1033-Y20.patch
          9 kB
          Jakob Homan
        2. HDFS-1033.patch
          4 kB
          Jakob Homan
        3. HDFS-1033-2.patch
          7 kB
          Jakob Homan
        4. HDFS-1033-3.patch
          8 kB
          Jakob Homan

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            jghoman Jakob Homan
            jghoman Jakob Homan
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment