-
Type:
Improvement
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 2.0.0-alpha
-
Fix Version/s: 1.1.0, 2.0.2-alpha
-
Component/s: security
-
Labels:None
-
Target Version/s:
-
Hadoop Flags:Incompatible change, Reviewed
-
Release Note:
The current approach to secure and authenticate nn web services is based on Kerberized SSL and was developed when a SPNEGO solution wasn't available. Now that we have one, we can get rid of the non-standard KSSL and use SPNEGO throughout. This will simplify setup and configuration. Also, Kerberized SSL is a non-standard approach with its own quirks and dark corners (HDFS-2386).
- breaks
-
HDFS-3434 InvalidProtocolBufferException when visiting DN browseDirectory.jsp
-
- Resolved
-
-
HDFS-3698 TestHftpFileSystem is failing in branch-1 due to changed default secure port
-
- Closed
-
- is depended upon by
-
HDFS-3348 After HDFS-2617 can't use 0.0.0.0 in dfs.http.address
-
- Open
-
- is related to
-
HDFS-3426 Replaced Kerberized SSL for journal segment transfer with SPNEGO-based solution
-
- Open
-
-
HDFS-3989 Remove duplicate Http server SSL code
-
- Open
-
-
HDFS-3461 HFTP should use the same port & protocol for getting the delegation token
-
- Closed
-
- relates to
-
HDFS-2386 with security enabled fsck calls lead to handshake_failure and hftp fails throwing the same exception in the logs
-
- Resolved
-
1.
|
HftpFileSystem should try both KSSL and SPNEGO when authentication is required |
|
Closed | Unassigned |