Kihwal Lee updated HADOOP-16517:
    Status: Patch Available  (was: Open)

The patch has no unit test.

> Allow optional mutual TLS in HttpServer2
> ----------------------------------------
>                 Key: HADOOP-16517
>                 URL: https://issues.apache.org/jira/browse/HADOOP-16517
>             Project: Hadoop Common
>          Issue Type: Improvement
>            Reporter: Kihwal Lee
>            Assignee: Kihwal Lee
>            Priority: Major
>         Attachments: HADOOP-16517.patch
> Currently the webservice can enforce mTLS by setting 
> "dfs.client.https.need-auth" on the server side. (The config name is 
> misleading, as it is actually server-side config. It has been deprecated from 
> the client config)  A hadoop client can talk to mTLS enforced web service by 
> setting "hadoop.ssl.require.client.cert" with proper ssl config.
> We have seen use case where mTLS needs to be enabled optionally for only 
> those clients who supplies their cert. In a mixed environment like this, 
> individual services may still enforce mTLS for a subset of endpoints by 
> checking the existence of x509 cert in the request.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

Reply via email to