Uploaded image for project: 'Hadoop HDFS'
  1. Hadoop HDFS
  2. HDFS-5688

Wire-encription in QJM

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Cannot Reproduce
    • 2.2.0
    • None
    • ha, journal-node, security

    Description

      When HA is implemented with QJM and using kerberos, it's not possible to set wire-encrypted data.
      If it's set property hadoop.rpc.protection to something different to authentication it doesn't work propertly, getting the error:

      ERROR security.UserGroupInformation: PriviledgedActionException as:principal@REALM (auth:KERBEROS) cause:javax.security.sasl.SaslException: No common protection layer between client and ser

      With NFS as shared storage everything works like a charm

      Attachments

        1. ssl-server.xml
          2 kB
          Juan Carlos Fernandez
        2. ssl-client.xml
          2 kB
          Juan Carlos Fernandez
        3. namenode.xml
          67 kB
          Juan Carlos Fernandez
        4. journal.xml
          66 kB
          Juan Carlos Fernandez
        5. jaas.conf
          0.5 kB
          Juan Carlos Fernandez
        6. hdfs-site.xml
          7 kB
          Juan Carlos Fernandez
        7. core-site.xml
          3 kB
          Juan Carlos Fernandez

        Activity

          People

            Unassigned Unassigned
            jucaf Juan Carlos Fernandez
            Votes:
            0 Vote for this issue
            Watchers:
            10 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: