[jira] Commented: (HDFS-1150) Verify datanodes' identities to clients in secure clusters

Tue, 27 Jul 2010 18:14:41 -0700 

    [ 
https://issues.apache.org/jira/browse/HDFS-1150?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12893023#action_12893023
 ] 

Jakob Homan commented on HDFS-1150:
-----------------------------------

bq. A warning makes sense, but it seems to me that it should only throw the RTE 
when the DN is configured on a priveleged port and not run with 
SecureResources. 
It's simpler to have all the datanodes in a secure cluster running via jsvc.  
For the trunk patch, the warning about higher ports will actually most likely 
be an exception, as it was in earlier versions of the patch.  This behavior was 
left as a warning on 20 to help the transition by Ops to give them time to get 
the lower ports opened.  Having a datanode refuse to start in a secure cluster 
if not running under jsvc is the easiest path to not accidentally getting one 
running without it; the current behavior is fine.

> Verify datanodes' identities to clients in secure clusters
> ----------------------------------------------------------
>
>                 Key: HDFS-1150
>                 URL: https://issues.apache.org/jira/browse/HDFS-1150
>             Project: Hadoop HDFS
>          Issue Type: New Feature
>          Components: data-node
>    Affects Versions: 0.22.0
>            Reporter: Jakob Homan
>            Assignee: Jakob Homan
>         Attachments: commons-daemon-1.0.2-src.tar.gz, 
> HDFS-1150-BF-Y20-LOG-DIRS-2.patch, HDFS-1150-BF-Y20-LOG-DIRS.patch, 
> HDFS-1150-BF1-Y20.patch, hdfs-1150-bugfix-1.1.patch, 
> hdfs-1150-bugfix-1.2.patch, hdfs-1150-bugfix-1.patch, 
> HDFS-1150-Y20-BetterJsvcHandling.patch, HDFS-1150-y20.build-script.patch, 
> HDFS-1150-Y20S-ready-5.patch, HDFS-1150-Y20S-ready-6.patch, 
> HDFS-1150-Y20S-ready-7.patch, HDFS-1150-Y20S-ready-8.patch, 
> HDFS-1150-Y20S-Rough-2.patch, HDFS-1150-Y20S-Rough-3.patch, 
> HDFS-1150-Y20S-Rough-4.patch, HDFS-1150-Y20S-Rough.txt
>
>
> Currently we use block access tokens to allow datanodes to verify clients' 
> identities, however we don't have a way for clients to verify the 
> authenticity of the datanodes themselves.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to