[
https://issues.apache.org/jira/browse/HDFS-2617?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13417128#comment-13417128
]
Daryn Sharp commented on HDFS-2617:
-----------------------------------
Have you tested {{HsftpFileSystem}} too? Do we even support encrypting the
transfer data if spnego is enabled?
The addition of {{useKssl(conf)}} seems rather invasive in the sense that many
callers have to be modified to specifically have knowledge of kssl. A simple
boolean complicates the ability to add new auth systems in the future. Maybe
we can push the decision to use kssl deeper into the system so it's more
transparent? Rough ideas:
* {{SecurityUtil.openSecureHttpConnection}} swaps out the https scheme with
http if kssl is not enabled. Negates a bunch of changes in {{HftpFileSystem}}
and {{DelegationTokenFetcher}}.
* Add a {{NameNode.getSecurePort(conf)}} that can use kssl to determine if the
https or http port should be returned, {{HftpFileSystem}} could use this for
the default secure port to be agnostic to kssl.
* Maybe add an arg to the ctor of {{HttpServer}} for the auth filter, or add a
setter for the auth filter so {{addInternalServlet}} and the many calls to it
don't need to be modified.
* The initialization of a secure {{HttpServer}} in places such as the NN and
2NN seem virtually identical, maybe create a common method? Would centralize
one of the main kssl checks.
* A few places appear to assume that if kssl is off, that the connection must
be spnego w/o even checking if security is enabled.
> Replaced Kerberized SSL for image transfer and fsck with SPNEGO-based solution
> ------------------------------------------------------------------------------
>
> Key: HDFS-2617
> URL: https://issues.apache.org/jira/browse/HDFS-2617
> Project: Hadoop HDFS
> Issue Type: Improvement
> Components: security
> Reporter: Jakob Homan
> Assignee: Jakob Homan
> Fix For: 2.1.0-alpha
>
> Attachments: HDFS-2617-a.patch, HDFS-2617-b.patch,
> HDFS-2617-branch-1.patch, HDFS-2617-config.patch, HDFS-2617-trunk.patch,
> HDFS-2617-trunk.patch, HDFS-2617-trunk.patch, HDFS-2617-trunk.patch,
> hdfs-2617-1.1.patch
>
>
> The current approach to secure and authenticate nn web services is based on
> Kerberized SSL and was developed when a SPNEGO solution wasn't available. Now
> that we have one, we can get rid of the non-standard KSSL and use SPNEGO
> throughout. This will simplify setup and configuration. Also, Kerberized
> SSL is a non-standard approach with its own quirks and dark corners
> (HDFS-2386).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
