[jira] [Commented] (HADOOP-13814) A sample configuration of KMS HTTP Authentication signature will lead to misunderstanding

Thu, 17 Nov 2016 10:07:41 -0800 

    [ 
https://issues.apache.org/jira/browse/HADOOP-13814?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15674393#comment-15674393
 ] 

Akira Ajisaka commented on HADOOP-13814:
----------------------------------------

Thanks [~masatana] for providing the patch. The change in the document 
(index.md.vm) looks good to me, but the change in the setting (kms-site.xml) is 
not good. The setting in kms-site.xml is used as default value, so changing the 
setting is incompatible. Would you update the default value (kerberos) to 
"none" instead of "sasl"? Updating "kerberos" to "none" does not change the 
behavior, so this change is safe.
{code}
    <description>
      The Zookeeper authentication type, 'none' or 'sasl' (Kerberos).
    </description>
{code}
In addition, I'm thinking we can improve the description to "The ZooKeeper 
authentication type. Supported values are 'none' (default) and 'sasl' 
(Kerberos)."

> A sample configuration of KMS HTTP Authentication signature will lead to 
> misunderstanding
> -----------------------------------------------------------------------------------------
>
>                 Key: HADOOP-13814
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13814
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: conf, documentation, kms
>    Affects Versions: 3.0.0-alpha1
>            Reporter: Masahiro Tanaka
>            Assignee: Masahiro Tanaka
>            Priority: Minor
>              Labels: newbie
>         Attachments: HADOOP-13814.patch
>
>
> In https://hadoop.apache.org/docs/current/hadoop-kms/index.html
> {code}
>   
> <name>hadoop.kms.authentication.signer.secret.provider.zookeeper.auth.type</name>
>     <value>kerberos</value>
>     <description>
>       The Zookeeper authentication type, 'none' or 'sasl' (Kerberos).
>     </description>
>   </property>
> {code}
> It is very misleading. This configuration value should be 'sasl' when the 
> kerberos authentication is enabled.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to