[
https://issues.apache.org/jira/browse/HADOOP-10863?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Arun Suresh updated HADOOP-10863:
---------------------------------
Attachment: HADOOP-10863.4.patch
Updating patch. Thanks [~tucu00] and [~benoyantony] for the reviews..
[~benoyantony], wrt to normalizing the acl configuration parameters, I guess
having a separate JIRA would be better since it would impact
[HADOOP-10758|https://issues.apache.org/jira/browse/HADOOP-10758] as well.
I have created
[HADOOP-11046|https://issues.apache.org/jira/browse/HADOOP-11046] to track this.
> KMS should have a blacklist for decrypting EEKs
> -----------------------------------------------
>
> Key: HADOOP-10863
> URL: https://issues.apache.org/jira/browse/HADOOP-10863
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 3.0.0
> Reporter: Alejandro Abdelnur
> Assignee: Arun Suresh
> Attachments: HADOOP-10863.1.patch, HADOOP-10863.2.patch,
> HADOOP-10863.3.patch, HADOOP-10863.4.patch
>
>
> In particular, we'll need to put HDFS admin user there by default to prevent
> an HDFS admin from getting file encryption keys.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
