[ozone] branch master updated: HDDS-6118. Documentation missing settings to secure S3g with Kerberos (#2950)

adoroszlai Sun, 02 Jan 2022 23:32:30 -0800

This is an automated email from the ASF dual-hosted git repository.

adoroszlai pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ozone.git



The following commit(s) were added to refs/heads/master by this push:
     new e6179c1  HDDS-6118. Documentation missing settings to secure S3g with 
Kerberos (#2950)
e6179c1 is described below

commit e6179c1ec6d77a46687c513ab63b81d7c62e9796
Author: Ke-Yi Sung <[email protected]>
AuthorDate: Mon Jan 3 15:32:07 2022 +0800

    HDDS-6118. Documentation missing settings to secure S3g with Kerberos 
(#2950)
---
 hadoop-hdds/docs/content/security/SecureOzone.md   | 10 ++++++-
 .../docs/content/security/SecureOzone.zh.md        | 34 +++++++++++++---------
 2 files changed, 30 insertions(+), 14 deletions(-)

diff --git a/hadoop-hdds/docs/content/security/SecureOzone.md 
b/hadoop-hdds/docs/content/security/SecureOzone.md
index 8f65072..76fd747 100644
--- a/hadoop-hdds/docs/content/security/SecureOzone.md
+++ b/hadoop-hdds/docs/content/security/SecureOzone.md
@@ -136,7 +136,7 @@ All these settings should be made in ozone-site.xml.
           </tr>
           <tr>
             <td>ozone.om.kerberos.keytab.file</th>
-            <td>TThe keytab file used by SCM daemon to login as its service 
principal.</td>
+            <td>The keytab file used by OM daemon to login as its service 
principal.</td>
           </tr>
           <tr>
             <td>ozone.om.http.auth.kerberos.principal</th>
@@ -167,6 +167,14 @@ All these settings should be made in ozone-site.xml.
         </thead>
         <tbody>
           <tr>
+            <td>ozone.s3g.kerberos.principal</th>
+            <td>S3 Gateway principal. <br/> e.g. s3g/_HOST@REALM</td>
+          </tr>
+          <tr>
+            <td>ozone.s3g.kerberos.keytab.file</th>
+            <td>The keytab file used by S3 gateway. <br/> e.g. 
/etc/security/keytabs/s3g.keytab</td>
+          </tr>
+          <tr>
             <td>ozone.s3g.http.auth.kerberos.principal</th>
             <td>S3 Gateway principal if SPNEGO is enabled for S3 Gateway http 
server. <br/> e.g. HTTP/[email protected]</td>
           </tr>
diff --git a/hadoop-hdds/docs/content/security/SecureOzone.zh.md 
b/hadoop-hdds/docs/content/security/SecureOzone.zh.md
index e75b6fa..a766023 100644
--- a/hadoop-hdds/docs/content/security/SecureOzone.zh.md
+++ b/hadoop-hdds/docs/content/security/SecureOzone.zh.md
@@ -84,12 +84,12 @@ ozone-site.xml 中应进行如下配置：
             <td>SCM 进程使用的 keytab 文件</td>
           </tr>
           <tr>
-            <td>hdds.scm.http.kerberos.principal</th>
-            <td>SCM http 服务主体</td>
+            <td>hdds.scm.http.auth.kerberos.principal</th>
+            <td>SCM http 服务主体（当 SCM http 服务器启用了 SPNEGO）</td>
           </tr>
           <tr>
-            <td>hdds.scm.http.kerberos.keytab</th>
-            <td>SCM http 服务使用的 keytab 文件</td>
+            <td>hdds.scm.http.auth.kerberos.keytab</th>
+            <td>SCM http 服务使用的 keytab 文件（当 SCM http 服务器启用了 SPNEGO）</td>
           </tr>
         </tbody>
       </table>
@@ -112,19 +112,19 @@ ozone-site.xml 中应进行如下配置：
         <tbody>
           <tr>
             <td>ozone.om.kerberos.principal</th>
-            <td>OzoneManager 服务主体，例如：om/[email protected]</td>
+            <td>OM 服务主体，例如：om/[email protected]</td>
           </tr>
           <tr>
             <td>ozone.om.kerberos.keytab.file</th>
             <td>OM 进程使用的 keytab 文件</td>
           </tr>
           <tr>
-            <td>ozone.om.http.kerberos.principal</th>
-            <td>OM http 服务主体</td>
+            <td>ozone.om.http.auth.kerberos.principal</th>
+            <td>OM http 服务主体（当 OM http 服务器启用了 SPNEGO）</td>
           </tr>
           <tr>
-            <td>ozone.om.http.kerberos.keytab</th>
-            <td>OM http 服务使用的 keytab 文件</td>
+            <td>ozone.om.http.auth.kerberos.keytab</th>
+            <td>OM http 服务使用的 keytab 文件（当 OM http 服务器启用了 SPNEGO）</td>
           </tr>
         </tbody>
       </table>
@@ -146,12 +146,20 @@ ozone-site.xml 中应进行如下配置：
         </thead>
         <tbody>
           <tr>
-            <td>ozone.s3g.authentication.kerberos.principal</th>
-            <td>S3 网关服务主体，例如：HTTP/[email protected]</td>
+            <td>ozone.s3g.kerberos.principal</th>
+            <td>S3 网关主体，例如：s3g/_HOST@REALM</td>
           </tr>
           <tr>
-            <td>ozone.s3g.keytab.file</th>
-            <td>S3 网关使用的 keytab 文件</td>
+            <td>ozone.s3g.kerberos.keytab.file</th>
+            <td>S3 网关使用的 keytab 文件，例如：/etc/security/keytabs/s3g.keytab</td>
+          </tr>
+          <tr>
+            <td>ozone.s3g.http.auth.kerberos.principal</th>
+            <td>S3 网关主体（当 S3 网关 http 服务器启用了 
SPNEGO），例如：HTTP/[email protected]</td>
+          </tr>
+          <tr>
+            <td>ozone.s3g.http.auth.kerberos.keytab</th>
+            <td>S3 网关使用的 keytab 文件（当 S3 网关 http 服务器启用了 SPNEGO）</td>
           </tr>
         </tbody>
       </table>

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[ozone] branch master updated: HDDS-6118. Documentation missing settings to secure S3g with Kerberos (#2950)

Reply via email to