[ https://issues.apache.org/jira/browse/HDFS-2617?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13417718#comment-13417718 ]
Daryn Sharp commented on HDFS-2617:
-----------------------------------
I'm still confused about how KSSL is insecure vs. SPNEGO. They just seem
different to me. KSSL appears to be a generic means of authenticating a secure
socket, whereas SPNEGO is HTTP-specific. Here's what I understand, please
correct me if necessary because I must be missing something:

Kerberos is specifically designed for insecure networks so the mutual auth
exchange is always using strong encryption. Hftp + KSSL is encrypting the
Kerberos auth before the HTTP request occurs. SPNEGO does the Kerberos auth in
the clear via standard HTTP request headers. SSL encryption atop Kerberos
seems to be of little value, whether "weak" or not, since Kerberos auths are
already encrypted. Why is SPNEGO considered more secure when it lacks a second
layer of (unnecessary) encryption?

After the Kerberos auth, all actual fs operations and transfers are in the
clear using a token. I think the weakest link is the token being passed around
insecurely. Hftp + KSSL gets the token "securely", but then uses it insecurely
over HTTP, which negates any advantage to getting it securely. Hftp + SPNEGO
does everything insecurely over HTTP, so why is SPNEGO more secure?

Also, why can't we simply change/remove the hardcoded cipher?

> Replaced Kerberized SSL for image transfer and fsck with SPNEGO-based solution
> ------------------------------------------------------------------------------
>
> Key: HDFS-2617
> URL: https://issues.apache.org/jira/browse/HDFS-2617
> Project: Hadoop HDFS
> Issue Type: Improvement
> Components: security
> Reporter: Jakob Homan
> Assignee: Jakob Homan
> Fix For: 2.1.0-alpha
>
> Attachments: HDFS-2617-a.patch, HDFS-2617-b.patch,
> HDFS-2617-branch-1.patch, HDFS-2617-config.patch, HDFS-2617-trunk.patch,
> HDFS-2617-trunk.patch, HDFS-2617-trunk.patch, HDFS-2617-trunk.patch,
> hdfs-2617-1.1.patch
>
>
> The current approach to secure and authenticate nn web services is based on
> Kerberized SSL and was developed when a SPNEGO solution wasn't available. Now
> that we have one, we can get rid of the non-standard KSSL and use SPNEGO
> throughout. This will simplify setup and configuration. Also, Kerberized
> SSL is a non-standard approach with its own quirks and dark corners
> (HDFS-2386).