[
https://issues.apache.org/jira/browse/HDFS-1150?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13014267#comment-13014267
]
Allen Wittenauer commented on HDFS-1150:
----------------------------------------
I don't see why it is Jakob's responsibility to answer my Windows compatibility
question.
Let's face it: the probability that the secure Hadoop code functions on Windows
is low. We all sort of agreed that the security features would fall into that
bucket of stuff where we (right or wrong) allow for non-portability.
But let me clarify my point, since I think you missed it: If one can't run a
Hadoop secure cluster on Windows, then the fact that Apache's default Windows
distribution method for the Windows binary being zip is irrelevant. The person
doing the portability work for secure Hadoop on Windows would likely need to
either fix this code or (and much more likely, see privileges on Solaris,
Todd's capabilities work for RHEL, etc) use a different method to guarantee
that the DN starts on a privileged port.
On the issue of builds, we *already* require that users pass flags to determine
whether they want to build with 32-bit or 64-bit. This isn't any different
than any of those, realistically. Given the push to use packaging for the next
release (in addition to a tarball), then the appropriate binary will be in the
appropriate package. The tarball including any native code was likely a
mistake. We should have really made a separate "overlay" tarball that would be
applied over the non-architecture specific one.
> Verify datanodes' identities to clients in secure clusters
> ----------------------------------------------------------
>
> Key: HDFS-1150
> URL: https://issues.apache.org/jira/browse/HDFS-1150
> Project: Hadoop HDFS
> Issue Type: New Feature
> Components: data-node
> Affects Versions: 0.22.0
> Reporter: Jakob Homan
> Assignee: Jakob Homan
> Fix For: 0.22.0
>
> Attachments: HDFS-1150-BF-Y20-LOG-DIRS-2.patch,
> HDFS-1150-BF-Y20-LOG-DIRS.patch, HDFS-1150-BF1-Y20.patch,
> HDFS-1150-Y20-BetterJsvcHandling.patch, HDFS-1150-Y20S-Rough-2.patch,
> HDFS-1150-Y20S-Rough-3.patch, HDFS-1150-Y20S-Rough-4.patch,
> HDFS-1150-Y20S-Rough.txt, HDFS-1150-Y20S-ready-5.patch,
> HDFS-1150-Y20S-ready-6.patch, HDFS-1150-Y20S-ready-7.patch,
> HDFS-1150-Y20S-ready-8.patch, HDFS-1150-trunk-2.patch,
> HDFS-1150-trunk-3.patch, HDFS-1150-trunk.patch,
> HDFS-1150-y20.build-script.patch, RequireSecurePorts.patch,
> commons-daemon-1.0.2-src.tar.gz, hdfs-1150-bugfix-1.1.patch,
> hdfs-1150-bugfix-1.2.patch, hdfs-1150-bugfix-1.patch
>
>
> Currently we use block access tokens to allow datanodes to verify clients'
> identities, however we don't have a way for clients to verify the
> authenticity of the datanodes themselves.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
