[
https://issues.apache.org/jira/browse/HADOOP-2239?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Chris Douglas updated HADOOP-2239:
----------------------------------
Attachment: 2239-1.patch
This patch adds some documentation, per Nicholas's recommendation. It does not
include any test cases, as the requirements for configuring ssl are somewhat
onerous and- in my limited experience- not amenable to automation in a test
case. Lacking certs, it was tested with Firefox and appears correct. The
passwords are stored in a config file, which is regrettable, but the resource
storing them need only be on the classpath. Getting this information is
out-of-band as it is, and an auxiliary config file seemed the most expedient
and mostly-correct option available. For Right Now(tm), it should suffice.
> Security: Need to be able to encrypt Hadoop socket connections
> ---------------------------------------------------------------
>
> Key: HADOOP-2239
> URL: https://issues.apache.org/jira/browse/HADOOP-2239
> Project: Hadoop Core
> Issue Type: Bug
> Components: dfs
> Reporter: Allen Wittenauer
> Fix For: 0.17.0
>
> Attachments: 2239-0.patch, 2239-1.patch
>
>
> We need to be able to use hadoop over hostile networks, both internally and
> externally to the enterpise. While authentication prevents unauthorized
> access, encryption should be used to prevent such things as packet snooping
> across the wire. This means that hadoop client connections, distcp, etc,
> would use something such as SSL to protect the TCP/IP packets.
> Post-Kerberos, it would be useful to use something similar to NFS's krb5p
> option.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
