[
https://issues.apache.org/jira/browse/HDFS-12532?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16219966#comment-16219966
]
Vinayakumar B commented on HDFS-12532:
--------------------------------------
bq. see. You want to sacrifice security for convenience: using a single
principal and keytab for all nodes instead of unique principals for the nodes.
If yes, I hope your customer specifically requested this insecure setup, or has
been informed this misuse of kerberos will seriously degrade security.
I agree that, setup may not be fully complying to kerberos standards.
But same issue is applicable for non-secure setup with dual IP, in which case
client should be able to specify local-bind IP.
If you still feel that, adding an optional configuration to specify client bind
address is 'worthless' then we can go ahead and close this ticket.
> DN Reg can Fail when principal doesn't contain hostname and floatingIP is
> configured.
> -------------------------------------------------------------------------------------
>
> Key: HDFS-12532
> URL: https://issues.apache.org/jira/browse/HDFS-12532
> Project: Hadoop HDFS
> Issue Type: Bug
> Reporter: Brahma Reddy Battula
> Assignee: Brahma Reddy Battula
> Attachments: HDFS-12532.patch
>
>
> Configure principal without hostname (i.e hdfs/[email protected])
> Configure floatingIP
> Start Cluster.
> Here DN will fail to register as it can take IP which is not in "/etc/hosts".
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
