[
https://issues.apache.org/jira/browse/HDFS-2617?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13189285#comment-13189285
]
Jakob Homan commented on HDFS-2617:
-----------------------------------
bq. Are you working on this? Since the change may be incompatible seem like we
should get this in an early 23.x release as possible.
Yes. I should have something for 1 next week, and 23 after that. It likely
will be incompatible for both, though I'm not going to necessarily for the 1
patch to be committed (although we'll be using it). It will be very painful to
try to support both KerbSSL and SPNEGO, so I'm writing the patch to not do
this. I've chatted with Devaraj and Owen and this seems reasonable. The only
change will be new keytabs (with http principal rather than host) and some
config changes.
> Replaced Kerberized SSL for image transfer and fsck with SPNEGO-based solution
> ------------------------------------------------------------------------------
>
> Key: HDFS-2617
> URL: https://issues.apache.org/jira/browse/HDFS-2617
> Project: Hadoop HDFS
> Issue Type: Improvement
> Reporter: Jakob Homan
> Assignee: Jakob Homan
>
> The current approach to secure and authenticate nn web services is based on
> Kerberized SSL and was developed when a SPNEGO solution wasn't available. Now
> that we have one, we can get rid of the non-standard KSSL and use SPNEGO
> throughout. This will simplify setup and configuration. Also, Kerberized
> SSL is a non-standard approach with its own quirks and dark corners
> (HDFS-2386).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
