[jira] [Commented] (HDFS-2264) NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo annotation

Wed, 17 Aug 2011 22:00:10 -0700 

    [ 
https://issues.apache.org/jira/browse/HDFS-2264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13086801#comment-13086801
 ] 

Harsh J commented on HDFS-2264:
-------------------------------

Thanks [~jnp] and [~atm], so since BN/CN are not available on the 0.20 branch, 
can we introduce changes that split out balancer methods to its own protocol 
and then applies separated configs to namenode protocol and balancer protocols 
for their individual principals? I can open a new JIRA for the proto split if 
this is OK.

Also, its highly unlikely that more than 1 of SNN/BN/CN run on the same node, 
so a generic 'checkpoint'-ish configuration can also make sense here, which all 
three nodes can share.

The other, last way is as you propose, to get rid of the clientPrincipal 
altogether and use only acls.

I feel going with a split + separated config for nodes + balancer would be a 
good way, thoughts?

> NamenodeProtocol has the wrong value for clientPrincipal in KerberosInfo 
> annotation
> -----------------------------------------------------------------------------------
>
>                 Key: HDFS-2264
>                 URL: https://issues.apache.org/jira/browse/HDFS-2264
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: name-node
>    Affects Versions: 0.23.0
>            Reporter: Aaron T. Myers
>            Assignee: Harsh J
>             Fix For: 0.23.0
>
>         Attachments: HDFS-2264.r1.diff
>
>
> The {{@KerberosInfo}} annotation specifies the expected server and client 
> principals for a given protocol in order to look up the correct principal 
> name from the config. The {{NamenodeProtocol}} has the wrong value for the 
> client config key. This wasn't noticed because most setups actually use the 
> same *value* for for both the NN and 2NN principals ({{hdfs/_HOST@REALM}}), 
> in which the {{_HOST}} part gets replaced at run-time. This bug therefore 
> only manifests itself on secure setups which explicitly specify the NN and 
> 2NN principals.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to