[
https://issues.apache.org/jira/browse/HDDS-1847?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16956312#comment-16956312
]
Eric Yang commented on HDDS-1847:
---------------------------------
[[email protected]] Hadoop 3.3.0+ has changed back to using
hadoop.http.authentication.kerberos.keytab for securing HTTP protocol with
Kerberos. Hadoop unified the SPNEGO settings to make sure that all HTTP ports
are secured by one global setting. Ozone is departing from Hadoop, hence, some
changes may not apply where other changes are worth considering. There are
three usability improvements that might help Ozone Kerberos configuration to be
easier to use.
This ticket is focusing on three problems in Ozone Kerberos config names:
1. Datanode keytab files and principal names are inconsistent. SPNEGO files
are prefixed with hdds, but Ozone datanodes are still using the dfs prefix. It
may be useful to separate out Ozone deployed datanode config from HDFS to
prevent confusion.
2. Datanode SPNEGO keytab file name is suffixed with keytab (looks like Hadoop
convention, but other Ozone processes are not suffixed with keytab.file.)
3. Should all SPNEGO keytab files use the same prefix like Hadoop to prevent
programming errors?
> Datanode Kerberos principal and keytab config key looks inconsistent
> --------------------------------------------------------------------
>
> Key: HDDS-1847
> URL: https://issues.apache.org/jira/browse/HDDS-1847
> Project: Hadoop Distributed Data Store
> Issue Type: Bug
> Affects Versions: 0.5.0
> Reporter: Eric Yang
> Assignee: Chris Teoh
> Priority: Major
> Labels: newbie
>
> Ozone Kerberos configuration can be very confusing:
> | config name | Description |
> | hdds.scm.kerberos.principal | SCM service principal |
> | hdds.scm.kerberos.keytab.file | SCM service keytab file |
> | ozone.om.kerberos.principal | Ozone Manager service principal |
> | ozone.om.kerberos.keytab.file | Ozone Manager keytab file |
> | hdds.scm.http.kerberos.principal | SCM service spnego principal |
> | hdds.scm.http.kerberos.keytab.file | SCM service spnego keytab file |
> | ozone.om.http.kerberos.principal | Ozone Manager spnego principal |
> | ozone.om.http.kerberos.keytab.file | Ozone Manager spnego keytab file |
> | hdds.datanode.http.kerberos.keytab | Datanode spnego keytab file |
> | hdds.datanode.http.kerberos.principal | Datanode spnego principal |
> | dfs.datanode.kerberos.principal | Datanode service principal |
> | dfs.datanode.keytab.file | Datanode service keytab file |
> The prefixes are very different for each of the datanode configurations. It
> would be nice to have some consistency for datanode.