Uploaded image for project: 'Hadoop HDFS'
  1. Hadoop HDFS
  2. HDFS-1033

In secure clusters, NN and SNN should verify that the remote principal during image and edits transfer

Log workAgile BoardRank to TopRank to BottomAttach filesAttach ScreenshotBulk Copy AttachmentsBulk Move AttachmentsVotersWatch issueWatchersCreate sub-taskConvert to sub-taskMoveLinkCloneLabelsUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 0.22.0
    • 0.22.0
    • namenode, security
    • None
    • Reviewed

    Description

      Currently anyone can connect and download image/edits from Namenode. In a secure cluster we can verify the identity of the principal making the request; we should disallow requests from anyone except the NN and SNN principals (and their hosts due to the lousy KerbSSL limitation).

      Attachments

        1. HDFS-1033.patch
          4 kB
          Jakob Homan
        2. HDFS-1033-2.patch
          7 kB
          Jakob Homan
        3. HDFS-1033-3.patch
          8 kB
          Jakob Homan
        4. HDFS-1033-Y20.patch
          9 kB
          Jakob Homan

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            jghoman Jakob Homan Assign to me
            jghoman Jakob Homan
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment