[
https://issues.apache.org/jira/browse/HDFS-2617?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13173909#comment-13173909
]
Aaron T. Myers commented on HDFS-2617:
--------------------------------------
bq. The next question is - how to deprecate the kerbssl. It'll be quite
annoying to have to support both for a couple releases.
I realize this isn't ideal, but I'm in favor of just ripping out kssl in an
incompatible way. I think it's reasonable to expect that the NN and 2NN be
upgraded in lockstep. Though it's obviously undesirable to have to match client
version to server version just to run fsck, I'm of the opinion that that's an
acceptable tradeoff versus the pain of having to support both kssl and
something else for a few releases.
> Replaced Kerberized SSL for image transfer and fsck with SPNEGO-based solution
> ------------------------------------------------------------------------------
>
> Key: HDFS-2617
> URL: https://issues.apache.org/jira/browse/HDFS-2617
> Project: Hadoop HDFS
> Issue Type: Improvement
> Reporter: Jakob Homan
> Assignee: Jakob Homan
>
> The current approach to secure and authenticate nn web services is based on
> Kerberized SSL and was developed when a SPNEGO solution wasn't available. Now
> that we have one, we can get rid of the non-standard KSSL and use SPNEGO
> throughout. This will simplify setup and configuration. Also, Kerberized
> SSL is a non-standard approach with its own quirks and dark corners
> (HDFS-2386).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
