[kudu] branch branch-1.15.x updated: [docs] update security-related limitations since 1.15.0 release

Tue, 07 Sep 2021 10:24:57 -0700 

This is an automated email from the ASF dual-hosted git repository.

alexey pushed a commit to branch branch-1.15.x
in repository https://gitbox.apache.org/repos/asf/kudu.git


The following commit(s) were added to refs/heads/branch-1.15.x by this push:
     new 18a35e2  [docs] update security-related limitations since 1.15.0 
release
18a35e2 is described below

commit 18a35e2530461c6d388e4781b35de4e1dd1593d2
Author: Alexey Serbin <[email protected]>
AuthorDate: Tue Aug 31 12:15:08 2021 -0700

    [docs] update security-related limitations since 1.15.0 release
    
    Since Kudu 1.15.0:
      * TLSv1.3 is supported for Kudu RPC
      * Kudu server Kerberos principals are configurable
    
    Change-Id: Ibe05ca6ba178671f11bb33a7df85a23bb1c380b1
    Reviewed-on: http://gerrit.cloudera.org:8080/17823
    Tested-by: Kudu Jenkins
    Reviewed-by: Bankim Bhavsar <[email protected]>
    (cherry picked from commit 0bfc533bea668ac0769fd0411da06eb9eb812904)
    Reviewed-on: http://gerrit.cloudera.org:8080/17832
    Reviewed-by: Alexey Serbin <[email protected]>
---
 docs/known_issues.adoc | 5 -----
 docs/security.adoc     | 3 ---
 2 files changed, 8 deletions(-)

diff --git a/docs/known_issues.adoc b/docs/known_issues.adoc
index fc9c07d..0324c02 100644
--- a/docs/known_issues.adoc
+++ b/docs/known_issues.adoc
@@ -173,15 +173,10 @@ anecdotal values that have been seen in real world 
production clusters:
   Kudu data at rest can be achieved through the use of local block device
   encryption software such as `dmcrypt`.
 
-* Kudu server Kerberos principals must follow the pattern 
`kudu/<HOST>@DEFAULT.REALM`.
-  Configuring an alternate Kerberos principal is not supported.
-
 * Server certificates generated by Kudu IPKI are incompatible with
   link:https://www.bouncycastle.org/[bouncycastle] version 1.52 and earlier. 
See
   link:https://issues.apache.org/jira/browse/KUDU-2145[KUDU-2145] for details.
 
-* The highest supported version of the TLS protocol is TLSv1.2
-
 == Other Known Issues
 
 The following are known bugs and issues with the current release of Kudu. They 
will
diff --git a/docs/security.adoc b/docs/security.adoc
index 3f28deb..c77f1b2 100644
--- a/docs/security.adoc
+++ b/docs/security.adoc
@@ -578,9 +578,6 @@ Kudu has a few known security limitations:
 
 // TODO(danburkert): add JIRA links for each of these.
 
-Custom Kerberos Principal:: Kudu does not support setting a custom service
-principal for Kudu processes. The principal must be 'kudu'.
-
 External PKI:: Kudu does not support externally-issued certificates for 
internal
 wire encryption (server to server and client to server).

Reply via email to