[jira] [Commented] (HDFS-1150) Verify datanodes' identities to clients in secure clusters

[Jakob Homan (JIRA)]

    [ 
https://issues.apache.org/jira/browse/HDFS-1150?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13014301#comment-13014301
 ] 

Jakob Homan commented on HDFS-1150:
-----------------------------------

Nicholas-
  Regarding the packaging question you asked yesterday (open-source development 
and collaboration sometimes does have a bit of lag), you raise a good point 
that wasn't addressed by the original patch.  As you can see, this patch was 
written in the middle of the security work under tight deadlines.  There is 
certainly room for improvement.  I will file a follow-up JIRA we and we can 
improve this.  After you noticed this, I spoke with Allen yesterday to 
brainstorm ways to improve it, hopefully as part of the ongoing packaging 
discussions, but would love to have your input. 
  As far as Windows goes, as pointed out above, we've never supported security 
under Windows.  As far as I know, you're the final HDFS developer to be working 
day to day under a Windows environment.  Perhaps it's time the community took 
another look whether or not it's still worth it to provide this support.  
Patches to make new features work under Windows after their original *nix 
patches are common; please file one for this, if you like.

> Verify datanodes' identities to clients in secure clusters
> ----------------------------------------------------------
>
>                 Key: HDFS-1150
>                 URL: https://issues.apache.org/jira/browse/HDFS-1150
>             Project: Hadoop HDFS
>          Issue Type: New Feature
>          Components: data-node
>    Affects Versions: 0.22.0
>            Reporter: Jakob Homan
>            Assignee: Jakob Homan
>             Fix For: 0.22.0
>
>         Attachments: HDFS-1150-BF-Y20-LOG-DIRS-2.patch, 
> HDFS-1150-BF-Y20-LOG-DIRS.patch, HDFS-1150-BF1-Y20.patch, 
> HDFS-1150-Y20-BetterJsvcHandling.patch, HDFS-1150-Y20S-Rough-2.patch, 
> HDFS-1150-Y20S-Rough-3.patch, HDFS-1150-Y20S-Rough-4.patch, 
> HDFS-1150-Y20S-Rough.txt, HDFS-1150-Y20S-ready-5.patch, 
> HDFS-1150-Y20S-ready-6.patch, HDFS-1150-Y20S-ready-7.patch, 
> HDFS-1150-Y20S-ready-8.patch, HDFS-1150-trunk-2.patch, 
> HDFS-1150-trunk-3.patch, HDFS-1150-trunk.patch, 
> HDFS-1150-y20.build-script.patch, RequireSecurePorts.patch, 
> commons-daemon-1.0.2-src.tar.gz, hdfs-1150-bugfix-1.1.patch, 
> hdfs-1150-bugfix-1.2.patch, hdfs-1150-bugfix-1.patch
>
>
> Currently we use block access tokens to allow datanodes to verify clients' 
> identities, however we don't have a way for clients to verify the 
> authenticity of the datanodes themselves.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira